FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-18 11:12:36 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
27b9b2f0-8081-11e4-b4ca-bcaec565249cxserver -- multiple issue with X client request handling

Alan Coopersmith reports:

Ilja van Sprundel, a security researcher with IOActive, has discovered a large number of issues in the way the X server code base handles requests from X clients, and has worked with X.Org's security team to analyze, confirm, and fix these issues.

The vulnerabilities could be exploited to cause the X server to access uninitialized memory or overwrite arbitrary memory in the X server process. This can cause a denial of service (e.g., an X server segmentation fault), or could be exploited to achieve arbitrary code execution.

The GLX extension to the X Window System allows an X client to send X protocol to the X server, to request that the X server perform OpenGL rendering on behalf of the X client. This is known as "GLX indirect rendering", as opposed to "GLX direct rendering" where the X client submits OpenGL rendering commands directly to the GPU, bypassing the X server and avoiding the X server code for GLX protocol handling.

Most GLX indirect rendering implementations share some common ancestry, dating back to "Sample Implementation" code from Silicon Graphics, Inc (SGI), which SGI originally commercially licensed to other Unix workstation and graphics vendors, and later released as open source, so those vulnerabilities may affect other licensees of SGI's code base beyond those running code from the X.Org Foundation or the XFree86 Project.


Discovery 2014-12-09
Entry 2014-12-10
xorg-server
< 1.12.4_10,1

http://lists.x.org/archives/xorg-announce/2014-December/002500.html
CVE-2014-8091
CVE-2014-8092
CVE-2014-8093
CVE-2014-8094
CVE-2014-8095
CVE-2014-8096
CVE-2014-8097
CVE-2014-8098
CVE-2014-8099
CVE-2014-8100
CVE-2014-8101
CVE-2014-8102
3c7ba82a-d3fb-11ea-9aba-0c9d925bbbc0xorg-server -- Pixel Data Uninitialized Memory Information Disclosure

The X.org project reports:

Allocation for pixmap data in AllocatePixmap() does not initialize the memory in xserver, it leads to leak uninitialize heap memory to clients. When the X server runs with elevated privileges.

This flaw can lead to ASLR bypass, which when combined with other flaws (known/unknown) could lead to lead to privilege elevation in the client.


Discovery 2020-07-31
Entry 2020-08-01
xorg-server
< 1.20.8_3,1

xephyr
< 1.20.8_3,1

xorg-vfbserver
< 1.20.8_3,1

xorg-nestserver
< 1.20.8_3,1

xwayland
< 1.20.8_3,1

xorg-dmx
< 1.20.8_3,1

https://lists.x.org/archives/xorg-announce/2020-July/003051.html
CVE-2020-14347
465db5b6-9c6d-11eb-8e8a-bc542f4bd1ddxorg-server -- Input validation failures in X server XInput extension

X.Org server security reports for release 1.20.11:

  • Fix XChangeFeedbackControl() request underflow

.


Discovery 2021-04-13
Entry 2021-04-13
xorg-server
< 1.20.11,1

xwayland
< 1.20.11,1

xwayland-devel
le 1.20.0.877

https://gitlab.freedesktop.org/xorg/xserver/-/tags/xorg-server-1.20.11
4f8ffb9c-f388-4fbd-b90f-b3131559d888xorg-server -- multiple vulnerabilities

Alan Coopersmith reports:

X.Org thanks Michal Srb of SuSE for finding these issues and bringing them to our attention, Julien Cristau of Debian for getting the fixes integrated, and Adam Jackson of Red Hat for publishing the release.


Discovery 2017-10-04
Entry 2017-10-09
xephyr
< 1.18.4_4,1

xorg-dmx
< 1.18.4_4,1

xorg-nestserver
< 1.19.1_1,2

xorg-server
< 1.18.4_4,1

xorg-vfbserver
< 1.19.1_1,1

xwayland
< 1.19.1_1

https://lists.x.org/archives/xorg-announce/2017-October/002809.html
CVE-2017-13721
CVE-2017-13723
54a69cf7-b2ef-11e4-b1f1-bcaec565249cxorg-server -- Information leak in the XkbSetGeometry request of X servers.

Peter Hutterer reports:

Olivier Fourdan from Red Hat has discovered a protocol handling issue in the way the X server code base handles the XkbSetGeometry request.

The issue stems from the server trusting the client to send valid string lengths in the request data. A malicious client with string lengths exceeding the request length can cause the server to copy adjacent memory data into the XKB structs. This data is then available to the client via the XkbGetGeometry request. The data length is at least up to 64k, it is possible to obtain more data by chaining strings, each string length is then determined by whatever happens to be in that 16-bit region of memory.

A similarly crafted request can likely cause the X server to crash.


Discovery 2015-02-10
Entry 2015-02-12
xorg-server
< 1.14.7_2,1

xorg-server
ge 1.15.0,1 lt 1.16.4,1

CVE-2015-0255
http://lists.freedesktop.org/archives/xorg/2015-February/057158.html
54a69cf7-b2ef-11e4-b1f1-bcaec565249cxorg-server -- Information leak in the XkbSetGeometry request of X servers.

Peter Hutterer reports:

Olivier Fourdan from Red Hat has discovered a protocol handling issue in the way the X server code base handles the XkbSetGeometry request.

The issue stems from the server trusting the client to send valid string lengths in the request data. A malicious client with string lengths exceeding the request length can cause the server to copy adjacent memory data into the XKB structs. This data is then available to the client via the XkbGetGeometry request. The data length is at least up to 64k, it is possible to obtain more data by chaining strings, each string length is then determined by whatever happens to be in that 16-bit region of memory.

A similarly crafted request can likely cause the X server to crash.


Discovery 2015-02-10
Entry 2015-02-12
xorg-server
< 1.14.7_2,1

xorg-server
ge 1.15.0,1 lt 1.16.4,1

CVE-2015-0255
http://lists.freedesktop.org/archives/xorg/2015-February/057158.html
61534682-b8f4-11da-8e62-000e0c33c2dcxorg-server -- privilege escalation

Daniel Stone of X.Org reports:

During the analysis of results from the Coverity code review of X.Org, we discovered a flaw in the server that allows local users to execute arbitrary code with root privileges, or cause a denial of service by overwriting files on the system, again with root privileges.


Discovery 2006-03-20
Entry 2006-03-21
xorg-server
eq 6.9.0

CVE-2006-0745
https://bugs.freedesktop.org/show_bug.cgi?id=6213
7274e0cc-575f-41bc-8619-14a41b3c2ad0xorg-server -- multiple vulnerabilities

Adam Jackson reports:

One regression fix since 1.19.4 (mea culpa), and fixes for CVEs 2017-12176 through 2017-12187.


Discovery 2017-10-12
Entry 2017-10-13
xephyr
< 1.18.4_5,1

xorg-dmx
< 1.18.4_5,1

xorg-nestserver
< 1.19.1_2,2

xorg-server
< 1.18.4_5,1

xorg-vfbserver
< 1.19.1_2,1

xwayland
< 1.19.1_2

https://lists.x.org/archives/xorg-announce/2017-October/002814.html
CVE-2017-12176
CVE-2017-12177
CVE-2017-12178
CVE-2017-12179
CVE-2017-12180
CVE-2017-12181
CVE-2017-12182
CVE-2017-12183
CVE-2017-12184
CVE-2017-12185
CVE-2017-12186
CVE-2017-12187
76c8b690-340b-11eb-a2b7-54e1ad3d6335xorg-server -- Multiple input validation failures in X server XKB extension

The X.org project reports:

These issues can lead to privileges elevations for authorized clients on systems where the X server is running privileged.

Insufficient checks on the lengths of the XkbSetMap request can lead to out of bounds memory accesses in the X server.

Insufficient checks on input of the XkbSetDeviceInfo request can lead to a buffer overflow on the head in the X server.


Discovery 2020-12-01
Entry 2020-12-01
xorg-server
< 1.20.9_1,1

xephyr
< 1.20.9_1,1

xorg-vfbserver
< 1.20.9_1,1

xorg-nestserver
< 1.20.9_1,1

xwayland
< 1.20.9_2,1

xorg-dmx
< 1.20.9_1,1

https://lists.x.org/archives/xorg-announce/2020-December/003066.html
CVE-2020-14360
CVE-2020-25712
800e8bd5-3acb-11dd-8842-001302a18722xorg -- multiple vulnerabilities

Matthieu Herrb of X.Org reports:

Several vulnerabilities have been found in the server-side code of some extensions in the X Window System. Improper validation of client-provided data can cause data corruption.

Exploiting these overflows will crash the X server or, under certain circumstances allow the execution of arbitray machine code.

When the X server is running with root privileges (which is the case for the Xorg server and for most kdrive based servers), these vulnerabilities can thus also be used to raise privileges.

All these vulnerabilities, to be exploited successfully, require either an already established connection to a running X server (and normally running X servers are only accepting authenticated connections), or a shell access with a valid user on the machine where the vulnerable server is installed.


Discovery 2008-06-11
Entry 2008-06-15
xorg-server
< 1.4.2,1

CVE-2008-1377
CVE-2008-1379
CVE-2008-2360
CVE-2008-2361
CVE-2008-2362
http://lists.freedesktop.org/archives/xorg/2008-June/036026.html
http://secunia.com/advisories/30627/
8441957c-f9b4-11e0-a78a-bcaec565249cXorg server -- two vulnerabilities in X server lock handling code

Matthieu Herrb reports:

It is possible to deduce if a file exists or not by exploiting the way that Xorg creates its lock files. This is caused by the fact that the X server is behaving differently if the lock file already exists as a symbolic link pointing to an existing or non-existing file.

It is possible for a non-root user to set the permissions for all users on any file or directory to 444, giving unwanted read access or causing denies of service (by removing execute permission). This is caused by a race between creating the lock file and setting its access modes.


Discovery 2011-10-18
Entry 2011-10-18
xorg-server
< 1.7.7_3

CVE-2011-4028
CVE-2011-4029
9a57c607-3cab-11e3-b4d9-bcaec565249cxorg-server -- use-after-free

Alan Coopersmith reports:

Pedro Ribeiro (pedrib at gmail.com) reported an issue to the X.Org security team in which an authenticated X client can cause an X server to use memory after it was freed, potentially leading to crash and/or memory corruption.


Discovery 2013-10-08
Entry 2013-10-24
xorg-server
ge 1.7.0 lt 1.7.7_11

ge 1.12.0 lt 1.12.4_4

CVE-2013-4396
http://lists.x.org/archives/xorg-announce/2013-October/002332.html
a863aa74-24be-11da-8882-000e0c33c2dcX11 server -- pixmap allocation vulnerability

Allocating large pixmaps by a client can trigger an integer overflow in the X server, potentially leading to execution of arbitrary code with elevated (root) privileges.


Discovery 2005-09-12
Entry 2005-09-15
XFree86-Server
< 4.5.0_2

xorg-server
< 6.8.2_5

gt 6.8.99 lt 6.8.99.12_1

14807
102441
CVE-2005-2495
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=166856
https://bugs.freedesktop.org/show_bug.cgi?id=594
ab881a74-c016-4e6d-9f7d-68c8e7cedafbxorg-server -- Multiple Issues

xorg-server developers reports:

In the X.Org X server before 2017-06-19, a user authenticated to an X Session could crash or execute code in the context of the X Server by exploiting a stack overflow in the endianness conversion of X Events.

Uninitialized data in endianness conversion in the XEvent handling of the X.Org X Server before 2017-06-19 allowed authenticated malicious users to access potentially privileged data from the X server.


Discovery 2017-07-06
Entry 2017-10-17
Modified 2018-05-20
xorg-server
le 1.18.4_6,1

ge 1.19.0,1 le 1.19.3,1

http://www.securityfocus.com/bid/99546
https://bugzilla.suse.com/show_bug.cgi?id=1035283
https://cgit.freedesktop.org/xorg/xserver/commit/?id=215f894965df5fb0bb45b107d84524e700d2073c
https://cgit.freedesktop.org/xorg/xserver/commit/?id=8caed4df36b1f802b4992edcfd282cbeeec35d9d
https://cgit.freedesktop.org/xorg/xserver/commit/?id=ba336b24052122b136486961c82deac76bbde455
http://www.securityfocus.com/bid/99543
https://bugzilla.suse.com/show_bug.cgi?id=1035283
https://cgit.freedesktop.org/xorg/xserver/commit/?id=05442de962d3dc624f79fc1a00eca3ffc5489ced
CVE-2017-10971
CVE-2017-10972
fe2b6597-c9a4-11dc-8da8-0008a18a9961xorg -- multiple vulnerabilities

Matthieu Herrb of X.Org reports:

Several vulnerabilities have been identified in server code of the X window system caused by lack of proper input validation on user controlled data in various parts of the software, causing various kinds of overflows.

Exploiting these overflows will crash the X server or, under certain circumstances allow the execution of arbitray machine code.

When the X server is running with root privileges (which is the case for the Xorg server and for most kdrive based servers), these vulnerabilities can thus also be used to raise privileges.

All these vulnerabilities, to be exploited succesfully, require either an already established connection to a running X server (and normally running X servers are only accepting authenticated connections), or a shell access with a valid user on the machine where the vulnerable server is installed.


Discovery 2008-01-18
Entry 2008-01-23
xorg-server
< 1.4_4,1

libXfont
< 1.3.1_2,1

CVE-2007-5760
CVE-2007-5958
CVE-2007-6427
CVE-2007-6428
CVE-2007-6429
CVE-2008-0006
http://lists.freedesktop.org/archives/xorg/2008-January/031918.html
http://lists.freedesktop.org/archives/xorg/2008-January/032099.html
http://secunia.com/advisories/28532/
ffa15b3b-e6f6-11ea-8cbf-54e1ad3d6335xorg-server -- Multiple input validation failures in X server extensions

The X.org project reports:

All theses issuses can lead to local privileges elevation on systems where the X server is running privileged.

The handler for the XkbSetNames request does not validate the request length before accessing its contents.

An integer underflow exists in the handler for the XIChangeHierarchy request.

An integer underflow exist in the handler for the XkbSelectEvents request.

An integer underflow exist in the handler for the CreateRegister request of the X record extension.


Discovery 2020-08-25
Entry 2020-08-25
xorg-server
< 1.20.8_4,1

xephyr
< 1.20.8_4,1

xorg-vfbserver
< 1.20.8_4,1

xorg-nestserver
< 1.20.8_4,1

xwayland
< 1.20.8_4,1

xorg-dmx
< 1.20.8_4,1

CVE-2020-14345
CVE-2020-14346
CVE-2020-14361
CVE-2020-14362
https://lists.x.org/archives/xorg-announce/2020-August/003058.html