CVE-2010-1166

Publication date 29 April 2010

Last updated 24 July 2024

Ubuntu priority

The fbComposite function in fbpict.c in the Render extension in the X server in X.Org X11R7.1 allows remote authenticated users to cause a denial of service (memory corruption and daemon crash) or possibly execute arbitrary code via a crafted request, related to an incorrect macro definition.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
xorg-server	10.04 LTS lucid	Not affected
	9.10 karmic	Fixed 2:1.6.4-2ubuntu4.3
	9.04 jaunty	Fixed 2:1.6.0-0ubuntu14.2
	8.04 LTS hardy	Fixed 2:1.4.1~git20080131-1ubuntu9.3
	6.06 LTS dapper	Ignored end of life

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
xorg-server	Vendor: http://launchpadlibrarian.net/47954537/112_xaa-fbcomposite-fix-negative-size.patch

References

Related Ubuntu Security Notices (USN)

USN-939-1
X.org vulnerabilities
18 May 2010

Other references

https://www.cve.org/CVERecord?id=CVE-2010-1166