PublicDateAtUSN: 2011-10-03
Candidate: CVE-2010-4818
PublicDate: 2012-09-05 23:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4818
 https://ubuntu.com/security/notices/USN-1232-1
 https://ubuntu.com/security/notices/USN-1232-2
 https://ubuntu.com/security/notices/USN-1232-3
Description:
 The GLX extension in X.Org xserver 1.7.7 allows remote authenticated users
 to cause a denial of service (server crash) and possibly execute arbitrary
 code via (1) a crafted request that triggers a client swap in
 glx/glxcmdsswap.c; or (2) a crafted length or (3) a negative value in the
 screen field in a request to glx/glxcmds.c.
Ubuntu-Description:
Notes:
 mdeslaur> A regression caused the fix to be removed from lucid. See
 mdeslaur> USN-1232-2.
Bugs:
 https://bugs.freedesktop.org/show_bug.cgi?id=28823
 https://bugs.freedesktop.org/show_bug.cgi?id=33449 (regression)
 https://bugs.freedesktop.org/show_bug.cgi?id=33324 (regression)
Priority: medium
Discovered-by:
Assigned-to: mdeslaur
CVSS:

Patches_xorg-server:
 upstream: http://cgit.freedesktop.org/xorg/xserver/commit/?id=3f0d3f4d97bce75c1828635c322b6560a45a037f
 upstream: http://cgit.freedesktop.org/xorg/xserver/commit/?id=ec9c97c6bf70b523bc500bd3adf62176f1bb33a4
 upstream: http://cgit.freedesktop.org/xorg/xserver/commit/?id=6c69235a9dfc52e4b4e47630ff4bab1a820eb543
 upstream: http://cgit.freedesktop.org/xorg/xserver/commit/?id=62319e8381ebd645ae36b25e5fc3c0e9b098387b
 upstream: http://cgit.freedesktop.org/xorg/xserver/commit/?id=d9225b9602c85603ae616a7381c784f5cf5e811c
 upstream: http://cgit.freedesktop.org/xorg/xserver/commit/?id=a883cf1545abd89bb2cadfa659718884b56fd234 (regression fix)
 upstream: http://cgit.freedesktop.org/xorg/xserver/commit/?id=1137c11be0f82049d28024eaf963c6f76e0d4334 (regression fix)
 upstream: http://cgit.freedesktop.org/xorg/xserver/commit/?id=402b329c3aa8ddbebaa1f593306a02d4cd6fed26 (regression fix)
upstream_xorg-server: needs-triage
hardy_xorg-server: ignored (reached end-of-life)
lucid_xorg-server: released (2:1.7.6-2ubuntu7.10)
maverick_xorg-server: released (2:1.9.0-0ubuntu7.5)
natty_xorg-server: not-affected (2:1.10.1-1ubuntu1.2)
oneiric_xorg-server: not-affected (2:1.10.4-1ubuntu4)
devel_xorg-server: not-affected (2:1.10.4-1ubuntu4)