Category
Security
Release Phase
Resolved
Bug Id
6541018
ProductSolaris 9 Operating System
Solaris 10 Operating System
Date of Workaround Release03-MAY-2007
Date of Resolved Release12-Mar-2008
A divide by zero security vulnerability exists in the X11 Render Extension ... see below:
1. Impact
A divide by zero security vulnerability exists in the X11 Render Extension to the X11 display server Xorg(1). By using specially crafted values for compositing or adding trapezoids, a local or remote unprivileged user who is able to display data on a running X11 server instance may cause a divide by zero error within the X11 Render Extension. This would cause the X11 display server Xorg(1) to crash, resulting in a denial of service (DoS) to the Xorg(1) server.
This issue is described in the following document:
2. Contributing Factors
This issue can occur in the following releases:
x86 Platform
- Solaris 10 (for Xorg(1)) without patch 125720-05
Note: Solaris 8 and 9 are not affected by this issue. Solaris 10 on the SPARC platform is also not affected.
To determine if JDS release 2 is installed on a Solaris 9 x86 system, the following command can be run:
% grep distributor-version /usr/share/gnome-about/gnome-version.xml
<distributor-version>Sun Java Desktop System, Release 2</distributor-version>
3. Symptoms
Should the described issue occur, the Xorg(1) server will exit without warning.
4. Workaround
To work around the described issue, disable the Render extension by putting the following in the xorg.conf(4) file:
Section "Extensions"
Option "RENDER" "disable"
EndSection
Note: After applying this workaround, applications requiring the Render extension may not run.
5. Resolution
This issue is addressed in the following releases:
x86 Platform
- Solaris 10 (for Xorg(1)) with patch 125720-05 or later
Modification History
14-JUN-2007: Updated Contributing Factors and Resolution sections
12-Mar-2008: Updated Contributing Factors and Resolution sections. Now Resolved.
References
125720-05
AttachmentsThis solution has no attachment