X.Org Foundation SECURITY ADVISORY

Brookline MA, September 12, 2005

X.Org has been made aware of a possible security vulnerability in the XCreatePixmap function of the X Server, which is shipped as part of the X Window System. The affected code is used to create and reserve memory for a new pixmap in the X Server.

Due to missing range checks for the pixel size of the pixmap, subsequent pixmap read/write functions can access memory outside of the allocated pixmap, and this can be triggered by any X client that can connect to the affected X Server. This way any user having access to the server can access memory that is accessible from within the X Server and/or crash the server.
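The following is an added illustration of the defect class the advisory describes, not X.Org's code and not the referenced patch. It models a server-side size computation for a pixmap request (in the X protocol, width and height are 16-bit fields and depth is 8-bit, so the requested dimensions alone are small, but their product is not) in two forms: an unchecked version whose 32-bit product can wrap, so the server allocates far less than later drawing code assumes, and a checked version that rejects any request whose byte count would overflow or exceed a cap. The cap MAX_PIXMAP_BYTES, the function names and the stride rounding are assumptions made for this example.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed upper bound for this example; a real server would derive
 * its limit from available memory or configuration. */
#define MAX_PIXMAP_BYTES (1u << 30)

/* Unchecked computation of the kind the advisory warns about: the stride and
 * the stride*height product are computed in 32-bit arithmetic and silently
 * wrap. The caller then allocates the wrapped (too small) size while every
 * later read/write still trusts the requested width and height. */
static uint32_t unchecked_pixmap_bytes(uint32_t width, uint32_t height,
                                       uint32_t bits_per_pixel)
{
    uint32_t stride = (width * bits_per_pixel + 31) / 32 * 4; /* may wrap */
    return stride * height;                                   /* may wrap */
}

/* Checked computation: validates the inputs, does the arithmetic in 64 bits,
 * and bounds each factor before multiplying so the product itself cannot
 * wrap. Returns the byte count on success, or -1 when the request must be
 * refused (a server would answer with a protocol error instead of
 * allocating). */
static int64_t checked_pixmap_bytes(uint32_t width, uint32_t height,
                                    uint32_t bits_per_pixel)
{
    uint64_t row_bits, stride, total;

    if (width == 0 || height == 0 || bits_per_pixel == 0 || bits_per_pixel > 32)
        return -1;

    /* width < 2^32 and bits_per_pixel <= 32, so row_bits < 2^37: no wrap. */
    row_bits = (uint64_t)width * bits_per_pixel;
    stride   = (row_bits + 31) / 32 * 4;   /* rows padded to 32-bit words (assumed) */

    /* Bound stride first, then height against the remaining headroom, so
     * stride * height is known to be <= MAX_PIXMAP_BYTES before it is formed. */
    if (stride > MAX_PIXMAP_BYTES || height > MAX_PIXMAP_BYTES / stride)
        return -1;

    total = stride * height;
    return (int64_t)total;
}

int main(void)
{
    /* 32768 x 32768 at 32 bpp needs exactly 2^32 bytes: the unchecked
     * product wraps to 0, the checked version refuses the request. */
    printf("unchecked 32768x32768@32: %u bytes\n",
           unchecked_pixmap_bytes(32768, 32768, 32));
    printf("checked   32768x32768@32: %lld\n",
           (long long)checked_pixmap_bytes(32768, 32768, 32));
    printf("checked   64x64@32:       %lld bytes\n",
           (long long)checked_pixmap_bytes(64, 64, 32));
    return 0;
}
```

The instructive case is the one where the unchecked product wraps all the way to zero: an allocator asked for zero bytes will typically succeed, so nothing fails until drawing code indexes the pixmap by its requested dimensions. The checked version turns that silent wrap into an explicit refusal before any memory is reserved.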

The CVE number for these vulnerabilities is CAN-2005-2495. See also: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2495

X.Org has tracked this issue in: https://bugs.freedesktop.org/show_bug.cgi?id=594

This advisory affects all known versions and releases of the X Window System, whether from X.Org or other vendors. Users are therefore strongly recommended to upgrade.

A fix is available at: http://www.x.org/pub/X11R6.8.2/patches/xorg-CAN-2005-2495.patch

All future versions of X.Org will have this security vulnerability fixed. Vendors shipping releases of the X Window System have been informed and will provide updates for their software.

The X.Org Foundation would like to thank Luke Hutchinson for identifying the security exploit as well as Soeren Sandmann for investigating the issue and providing a patch.

About participation and membership in X.Org:

Membership in the X.Org foundation is free and open to all participants. Active participants in the further development of the X Window System are invited to visit: http://www.x.org/XOrg_Foundation_Membership.html to complete a membership application. Participation in the Foundation's Sponsor Group is also available to those who wish to financially support the activities of the X.Org Foundation. Current Sponsors include Hewlett Packard, Sun Microsystems, Hummingbird, IBM, Starnet Communications, WRQ, and Integrated Computer Solutions (ICS).

About the X.Org Foundation:

X.Org Foundation L.L.C. is a Delaware company organized to operate as a scientific charity under IRS code 501(c)(3), chartered to develop and execute effective strategies that provide worldwide stewardship of the X Window System technology and standards. The website for the X.Org Foundation can be found at http://www.x.org/.

About The X Window System:

The X Window System provides the only common networked windowing environment bridging the heterogeneous platforms in today's computing. The X Window System is one of the most successful open-source, collaborative technologies developed to date and is the standard graphical window system for the Linux® and UNIX® operating systems. The inherent independence of the X Window System from the operating system, the network and the hardware, as well as its successful interoperability, have made it widely available and deployed with more than 30 million users worldwide. All major hardware vendors support the X Window System and many third parties provide technologies for integrating X Window System applications into the networked computer or personal computer environments including Microsoft Windows®, UNIX, Linux and Mac OS® X. Further, thousands of software developers provide X Window System applications, and with the continued growth of Linux and the emergence of Mac OS X, the number of users is growing rapidly.

Notes to Editors:

UNIX is a registered trademark of The Open Group in the US and other countries. LINUX is a registered trademark of Linus Torvalds. Microsoft and Windows are registered trademarks of Microsoft Corporation in the United States and/or other countries. Mac OS is a registered trademark of Apple Computer, Inc., registered in the U.S. and other countries. All other company names are trademarks of the registered owners.

For questions, please contact: Leon Shiman, Secretary, X.Org Foundation, at: