FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-27 18:04:16 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
76c8b690-340b-11eb-a2b7-54e1ad3d6335xorg-server -- Multiple input validation failures in X server XKB extension

The X.org project reports:

These issues can lead to privileges elevations for authorized clients on systems where the X server is running privileged.

Insufficient checks on the lengths of the XkbSetMap request can lead to out of bounds memory accesses in the X server.

Insufficient checks on input of the XkbSetDeviceInfo request can lead to a buffer overflow on the head in the X server.


Discovery 2020-12-01
Entry 2020-12-01
xorg-server
< 1.20.9_1,1

xephyr
< 1.20.9_1,1

xorg-vfbserver
< 1.20.9_1,1

xorg-nestserver
< 1.20.9_1,1

xwayland
< 1.20.9_2,1

xorg-dmx
< 1.20.9_1,1

https://lists.x.org/archives/xorg-announce/2020-December/003066.html
CVE-2020-14360
CVE-2020-25712
3c7ba82a-d3fb-11ea-9aba-0c9d925bbbc0xorg-server -- Pixel Data Uninitialized Memory Information Disclosure

The X.org project reports:

Allocation for pixmap data in AllocatePixmap() does not initialize the memory in xserver, it leads to leak uninitialize heap memory to clients. When the X server runs with elevated privileges.

This flaw can lead to ASLR bypass, which when combined with other flaws (known/unknown) could lead to lead to privilege elevation in the client.


Discovery 2020-07-31
Entry 2020-08-01
xorg-server
< 1.20.8_3,1

xephyr
< 1.20.8_3,1

xorg-vfbserver
< 1.20.8_3,1

xorg-nestserver
< 1.20.8_3,1

xwayland
< 1.20.8_3,1

xorg-dmx
< 1.20.8_3,1

https://lists.x.org/archives/xorg-announce/2020-July/003051.html
CVE-2020-14347
465db5b6-9c6d-11eb-8e8a-bc542f4bd1ddxorg-server -- Input validation failures in X server XInput extension

X.Org server security reports for release 1.20.11:

  • Fix XChangeFeedbackControl() request underflow

.


Discovery 2021-04-13
Entry 2021-04-13
xorg-server
< 1.20.11,1

xwayland
< 1.20.11,1

xwayland-devel
le 1.20.0.877

https://gitlab.freedesktop.org/xorg/xserver/-/tags/xorg-server-1.20.11
4f8ffb9c-f388-4fbd-b90f-b3131559d888xorg-server -- multiple vulnerabilities

Alan Coopersmith reports:

X.Org thanks Michal Srb of SuSE for finding these issues and bringing them to our attention, Julien Cristau of Debian for getting the fixes integrated, and Adam Jackson of Red Hat for publishing the release.


Discovery 2017-10-04
Entry 2017-10-09
xephyr
< 1.18.4_4,1

xorg-dmx
< 1.18.4_4,1

xorg-nestserver
< 1.19.1_1,2

xorg-server
< 1.18.4_4,1

xorg-vfbserver
< 1.19.1_1,1

xwayland
< 1.19.1_1

https://lists.x.org/archives/xorg-announce/2017-October/002809.html
CVE-2017-13721
CVE-2017-13723
ab881a74-c016-4e6d-9f7d-68c8e7cedafbxorg-server -- Multiple Issues

xorg-server developers reports:

In the X.Org X server before 2017-06-19, a user authenticated to an X Session could crash or execute code in the context of the X Server by exploiting a stack overflow in the endianness conversion of X Events.

Uninitialized data in endianness conversion in the XEvent handling of the X.Org X Server before 2017-06-19 allowed authenticated malicious users to access potentially privileged data from the X server.


Discovery 2017-07-06
Entry 2017-10-17
Modified 2018-05-20
xorg-server
le 1.18.4_6,1

ge 1.19.0,1 le 1.19.3,1

http://www.securityfocus.com/bid/99546
https://bugzilla.suse.com/show_bug.cgi?id=1035283
https://cgit.freedesktop.org/xorg/xserver/commit/?id=215f894965df5fb0bb45b107d84524e700d2073c
https://cgit.freedesktop.org/xorg/xserver/commit/?id=8caed4df36b1f802b4992edcfd282cbeeec35d9d
https://cgit.freedesktop.org/xorg/xserver/commit/?id=ba336b24052122b136486961c82deac76bbde455
http://www.securityfocus.com/bid/99543
https://bugzilla.suse.com/show_bug.cgi?id=1035283
https://cgit.freedesktop.org/xorg/xserver/commit/?id=05442de962d3dc624f79fc1a00eca3ffc5489ced
CVE-2017-10971
CVE-2017-10972
9fa7b139-c1e9-409e-bed0-006aadcf5845xorg-server -- Multiple security issues in X server extensions

The X.org project reports:

  • CVE-2022-46340/ZDI-CAN-19265: X.Org Server XTestSwapFakeInput stack overflow

    The swap handler for the XTestFakeInput request of the XTest extension may corrupt the stack if GenericEvents with lengths larger than 32 bytes are sent through a the XTestFakeInput request.

    This issue does not affect systems where client and server use the same byte order.

  • CVE-2022-46341/ZDI-CAN-19381: X.Org Server XIPassiveUngrab out-of-bounds access

    The handler for the XIPassiveUngrab request accesses out-of-bounds memory when invoked with a high keycode or button code.

  • CVE-2022-46342/ZDI-CAN-19400: X.Org Server XvdiSelectVideoNotify use-after-free

    The handler for the XvdiSelectVideoNotify request may write to memory after it has been freed.

  • CVE-2022-46343/ZDI-CAN-19404: X.Org Server ScreenSaverSetAttributes use-after-free

    The handler for the ScreenSaverSetAttributes request may write to memory after it has been freed.

  • CVE-2022-46344/ZDI-CAN-19405: X.Org Server XIChangeProperty out-of-bounds access

    The handler for the XIChangeProperty request has a length-validation issues, resulting in out-of-bounds memory reads and potential information disclosure.

  • CVE-2022-4283/ZDI-CAN-19530: X.Org Server XkbGetKbdByName use-after-free

    The XkbCopyNames function left a dangling pointer to freed memory, resulting in out-of-bounds memory access on subsequent XkbGetKbdByName requests.


Discovery 2022-12-14
Entry 2023-01-11
xorg-server
xephyr
xorg-vfbserver
< 21.1.5,1

xorg-nestserver
< 21.1.5,2

xwayland
< 22.1.6,1

xwayland-devel
< 21.0.99.1.319

https://lists.x.org/archives/xorg-announce/2022-December/003302.html
CVE-2022-46340
CVE-2022-46341
CVE-2022-46342
CVE-2022-46343
CVE-2022-46344
CVE-2022-4283
7274e0cc-575f-41bc-8619-14a41b3c2ad0xorg-server -- multiple vulnerabilities

Adam Jackson reports:

One regression fix since 1.19.4 (mea culpa), and fixes for CVEs 2017-12176 through 2017-12187.


Discovery 2017-10-12
Entry 2017-10-13
xephyr
< 1.18.4_5,1

xorg-dmx
< 1.18.4_5,1

xorg-nestserver
< 1.19.1_2,2

xorg-server
< 1.18.4_5,1

xorg-vfbserver
< 1.19.1_2,1

xwayland
< 1.19.1_2

https://lists.x.org/archives/xorg-announce/2017-October/002814.html
CVE-2017-12176
CVE-2017-12177
CVE-2017-12178
CVE-2017-12179
CVE-2017-12180
CVE-2017-12181
CVE-2017-12182
CVE-2017-12183
CVE-2017-12184
CVE-2017-12185
CVE-2017-12186
CVE-2017-12187
ffa15b3b-e6f6-11ea-8cbf-54e1ad3d6335xorg-server -- Multiple input validation failures in X server extensions

The X.org project reports:

All theses issuses can lead to local privileges elevation on systems where the X server is running privileged.

The handler for the XkbSetNames request does not validate the request length before accessing its contents.

An integer underflow exists in the handler for the XIChangeHierarchy request.

An integer underflow exist in the handler for the XkbSelectEvents request.

An integer underflow exist in the handler for the CreateRegister request of the X record extension.


Discovery 2020-08-25
Entry 2020-08-25
xorg-server
< 1.20.8_4,1

xephyr
< 1.20.8_4,1

xorg-vfbserver
< 1.20.8_4,1

xorg-nestserver
< 1.20.8_4,1

xwayland
< 1.20.8_4,1

xorg-dmx
< 1.20.8_4,1

CVE-2020-14345
CVE-2020-14346
CVE-2020-14361
CVE-2020-14362
https://lists.x.org/archives/xorg-announce/2020-August/003058.html