Note: This is an archival copy of Security Sun Alert 200067 as previously published on http://sunsolve.sun.com.|
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000051.1.
Solaris 9 Operating System
Solaris 10 Operating System
Date of Workaround Release
Date of Resolved Release
A divide by zero security vulnerability exists in the X11 Render Extension ... see below:
A divide by zero security vulnerability exists in the X11 Render Extension to the X11 display server Xorg(1). By using specially crafted values for compositing or adding trapezoids, a local or remote unprivileged user who is able to display data on a running X11 server instance may cause a divide by zero error within the X11 Render Extension. This would cause the X11 display server Xorg(1) to crash, resulting in a denial of service (DoS) to the Xorg(1) server.
This issue is described in the following document:
2. Contributing Factors
This issue can occur in the following releases:
Note: Solaris 8 and 9 are not affected by this issue. Solaris 10 on the SPARC platform is also not affected.
To determine if JDS release 2 is installed on a Solaris 9 x86 system, the following command can be run:
% grep distributor-version /usr/share/gnome-about/gnome-version.xml <distributor-version>Sun Java Desktop System, Release 2</distributor-version>3. Symptoms
Should the described issue occur, the Xorg(1) server will exit without warning.
To work around the described issue, disable the Render extension by putting the following in the xorg.conf(4) file:
Section "Extensions" Option "RENDER" "disable" EndSection
Note: After applying this workaround, applications requiring the Render extension may not run.
This issue is addressed in the following releases:
14-JUN-2007: Updated Contributing Factors and Resolution sections
12-Mar-2008: Updated Contributing Factors and Resolution sections. Now Resolved.
This solution has no attachment