
Re: [suse-security] SUSE Security Announcement: xf86/XFree86(SuSE-SA:2004:006)



Hi,

Thomas Biege wrote:

> Hm, did you restart the X server?

Yes, even rebooted the PC to avoid any caching effect.

> Does this even happen as non-root user?

Yes, same effect.

>
> > Fatal server error:
> > Caught signal 4.  Server aborting
> 
> The original bug triggered a SIGSEGV (11) this one is a SIGILL (4).
> Maybe it triggered just another bug. I'll verify the sources...

Actually, rebooting the PC changed the signal to 11 again... It also
happens on our SuSE 9.0 PCs with the updated XFree86 (as root and as
any other user). And the signal is indeed caused by the font files:

riemann /root# rpm -q --changelog XFree86 |head -n 5 
* Thu Feb 12 2004 - thomas@xxxxxxx

- fixed more buffer overflows in fontfile/ direc (#34296)
- put together old and new bugs in
  fontfile-sec_bufferoverflows.diff

riemann /root/tmp# strace -f X :0 -fp $PWD
:
:
open("/root/tmp/fonts.dir", O_RDONLY)   = 7
fstat64(7, {st_mode=S_IFREG|0644, st_size=75, ...}) = 0
fstat64(7, {st_mode=S_IFREG|0644, st_size=75, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40022000
read(7, "1\nword.bdf -misc-fixed-medium-r-"..., 4096) = 75
read(7, "", 4096)                       = 0
read(7, "", 4096)                       = 0
close(7)                                = 0
munmap(0x40022000, 4096)                = 0
open("/root/tmp/fonts.alias", O_RDONLY) = 7
fstat64(7, {st_mode=S_IFREG|0644, st_size=1121, ...}) = 0
fstat64(7, {st_mode=S_IFREG|0644, st_size=1121, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40022000
read(7, "00000000000000000000000000000000"..., 4096) = 1121
close(7)                                = 0
munmap(0x40022000, 4096)                = 0
--- SIGSEGV (Segmentation fault) @ 0 (0) ---
rt_sigaction(SIGSEGV, {SIG_IGN}, {0x8084330, [SEGV], SA_RESTORER|SA_RESTART, 0x4009caa8}, 8) = 0
...



Any more information I can send to help track down the problem (full strace,
XF86Config etc.)?

cu,
Frank

-- 
Dipl.-Inform. Frank Steiner     mailto:fst_at_bio.informatik.uni-muenchen.de
Lehrstuhl f. Bioinformatik      
LMU, Amalienstr. 17             Phone: +49 89 2180-4049, Fax: -4054
80333 Muenchen, Germany         http://www.informatik.uni-kiel.de/~fst/
* You can only understand recursion once you have understood recursion. *
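
The triage done by eye in the strace excerpt above (which files the X server read just before the fatal signal), as an added example that is not part of the original message. The function name, the set of signals treated as fatal and the sample trace are assumptions made for illustration.

```python
import re

# Constructed sample, shaped like the strace excerpt in the message above.
SAMPLE = r'''open("/root/tmp/fonts.dir", O_RDONLY)   = 7
read(7, "1\nword.bdf -misc-fixed-medium-r-"..., 4096) = 75
read(7, "", 4096)                       = 0
close(7)                                = 0
open("/root/tmp/fonts.alias", O_RDONLY) = 7
read(7, "00000000000000000000000000000000"..., 4096) = 1121
close(7)                                = 0
--- SIGSEGV (Segmentation fault) @ 0 (0) ---
'''

# search() is used so an optional "[pid N] " prefix from strace -f is tolerated.
OPEN_RE = re.compile(r'\bopen(?:at)?\((?:AT_FDCWD, )?"([^"]+)".*\)\s+= (\d+)$')
READ_RE = re.compile(r'\bread\((\d+), .*\)\s+= (\d+)$')
CLOSE_RE = re.compile(r'\bclose\((\d+)\)\s+= 0$')
SIGNAL_RE = re.compile(r'--- (SIG[A-Z0-9]+)')
FATAL = {"SIGSEGV", "SIGILL", "SIGBUS", "SIGABRT", "SIGFPE"}  # assumed set

def files_before_signal(trace, keep=2):
    """Return (signal, [(path, bytes_read), ...]) for the first fatal signal,
    listing the last `keep` successfully opened files, newest first."""
    fd_to_idx = {}   # open fd -> index into history (fds get reused, as above)
    history = []     # [path, total bytes read], in open order
    for line in trace.splitlines():
        line = line.rstrip()
        m = SIGNAL_RE.search(line)
        if m and m.group(1) in FATAL:
            return m.group(1), [tuple(h) for h in reversed(history[-keep:])]
        m = OPEN_RE.search(line)          # failed opens (= -1 ...) do not match
        if m:
            fd_to_idx[int(m.group(2))] = len(history)
            history.append([m.group(1), 0])
            continue
        m = READ_RE.search(line)
        if m and int(m.group(1)) in fd_to_idx:
            history[fd_to_idx[int(m.group(1))]][1] += int(m.group(2))
            continue
        m = CLOSE_RE.search(line)
        if m:
            fd_to_idx.pop(int(m.group(1)), None)
    return None, []

if __name__ == "__main__":
    print(files_before_signal(SAMPLE))
```

The newest entry is only the last file read before the crash, a starting point for narrowing down the input that triggers it, not proof of cause.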
