FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-25 21:13:12 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
972568d6-3485-40ab-80ff-994a8aaf9683	xorg-server -- Multiple vulnerabilities The X.Org project reports: CVE-2023-6377/ZDI-CAN-22412/ZDI-CAN-22413: X.Org server: Out-of-bounds memory write in XKB button actions A device has XKB button actions for each button on the device. When a logical device switch happens (e.g. moving from a touchpad to a mouse), the server re-calculates the information available on the respective master device (typically the Virtual Core Pointer). This re-calculation only allocated enough memory for a single XKB action rather instead of enough for the newly active physical device's number of button. As a result, querying or changing the XKB button actions results in out-of-bounds memory reads and writes. This may lead to local privilege escalation if the server is run as root or remote code execution (e.g. x11 over ssh). CVE-2023-6478/ZDI-CAN-22561: X.Org server: Out-of-bounds memory read in RRChangeOutputProperty and RRChangeProviderProperty This fixes an OOB read and the resulting information disclosure. Length calculation for the request was clipped to a 32-bit integer. With the correct stuff->nUnits value the expected request size was truncated, passing the REQUEST_FIXED_SIZE check. The server then proceeded with reading at least stuff->nUnits bytes (depending on stuff->format) from the request and stuffing whatever it finds into the property. In the process it would also allocate at least stuff->nUnits bytes, i.e. 4GB. Discovery 2023-12-13 Entry 2023-12-13 xorg-server xephyr xorg-vfbserver < 21.1.10,1 xorg-nestserver < 21.1.10,2 xwayland < 23.2.3,1 xwayland-devel < 21.0.99.1.582 https://lists.x.org/archives/xorg-announce/2023-December/003435.html CVE-2023-6377 CVE-2023-6478
96d84238-b500-490b-b6aa-2b77090a0410	xorg-server -- Overlay Window Use-After-Free The X.Org project reports: ZDI-CAN-19866/CVE-2023-1393: X.Org Server Overlay Window Use-After-Free Local Privilege Escalation Vulnerability If a client explicitly destroys the compositor overlay window (aka COW), the Xserver would leave a dangling pointer to that window in the CompScreen structure, which will trigger a use-after-free later. Discovery 2023-03-29 Entry 2023-03-29 xorg-server xephyr xorg-vfbserver < 21.1.8,1 xorg-nestserver < 21.1.8,2 xwayland ge 23.0.0,1 lt 23.1.1,1 < 22.1.9,1 xwayland-devel < 21.0.99.1.439 https://lists.x.org/archives/xorg-announce/2023-March/003374.html CVE-2023-1393
9e2fdfc7-e237-4393-9fa5-2d50908c66b3	xorg-server -- Multiple vulnerabilities The X.Org project reports: ZDI-CAN-22153/CVE-2023-5367: X.Org server: OOB write in XIChangeDeviceProperty/RRChangeOutputProperty When prepending values to an existing property an invalid offset calculation causes the existing values to be appended at the wrong offset. The resulting memcpy() would write into memory outside the heap-allocated array. ZDI-CAN-21608/CVE-2023-5380: Use-after-free bug in DestroyWindow This vulnerability requires a legacy multi-screen setup with multiple protocol screens ("Zaphod"). If the pointer is warped from one screen to the root window of the other screen, the enter/leave code may retain a reference to the previous pointer window. Destroying this window leaves that reference in place, other windows may then trigger a use-after-free bug when they are destroyed. Discovery 2023-10-25 Entry 2023-10-25 xorg-server xephyr xorg-vfbserver < 21.1.9,1 xorg-nestserver < 21.1.9,2 xwayland < 23.2.2,1 xwayland-devel < 21.0.99.1.542 https://lists.x.org/archives/xorg-announce/2023-October/003430.html CVE-2023-5367 CVE-2023-5380

VuXML ID

Description

972568d6-3485-40ab-80ff-994a8aaf9683

xorg-server -- Multiple vulnerabilities

The X.Org project reports:

CVE-2023-6377/ZDI-CAN-22412/ZDI-CAN-22413: X.Org server: Out-of-bounds memory write in XKB button actions
A device has XKB button actions for each button on the device. When a logical device switch happens (e.g. moving from a touchpad to a mouse), the server re-calculates the information available on the respective master device (typically the Virtual Core Pointer). This re-calculation only allocated enough memory for a single XKB action rather instead of enough for the newly active physical device's number of button. As a result, querying or changing the XKB button actions results in out-of-bounds memory reads and writes.

This may lead to local privilege escalation if the server is run as root or remote code execution (e.g. x11 over ssh).

CVE-2023-6478/ZDI-CAN-22561: X.Org server: Out-of-bounds memory read in RRChangeOutputProperty and RRChangeProviderProperty
This fixes an OOB read and the resulting information disclosure.

Length calculation for the request was clipped to a 32-bit integer. With the correct stuff->nUnits value the expected request size was truncated, passing the REQUEST_FIXED_SIZE check.

The server then proceeded with reading at least stuff->nUnits bytes (depending on stuff->format) from the request and stuffing whatever it finds into the property. In the process it would also allocate at least stuff->nUnits bytes, i.e. 4GB.

Discovery 2023-12-13
Entry 2023-12-13
xorg-server
xephyr
xorg-vfbserver

< 21.1.10,1

xorg-nestserver

< 21.1.10,2

xwayland

< 23.2.3,1

xwayland-devel

< 21.0.99.1.582

https://lists.x.org/archives/xorg-announce/2023-December/003435.html
CVE-2023-6377
CVE-2023-6478

96d84238-b500-490b-b6aa-2b77090a0410

xorg-server -- Overlay Window Use-After-Free

The X.Org project reports:

ZDI-CAN-19866/CVE-2023-1393: X.Org Server Overlay Window Use-After-Free Local Privilege Escalation Vulnerability
If a client explicitly destroys the compositor overlay window (aka COW), the Xserver would leave a dangling pointer to that window in the CompScreen structure, which will trigger a use-after-free later.

Discovery 2023-03-29
Entry 2023-03-29
xorg-server
xephyr
xorg-vfbserver

< 21.1.8,1

xorg-nestserver

< 21.1.8,2

xwayland

ge 23.0.0,1 lt 23.1.1,1

< 22.1.9,1

xwayland-devel

< 21.0.99.1.439

https://lists.x.org/archives/xorg-announce/2023-March/003374.html
CVE-2023-1393

9e2fdfc7-e237-4393-9fa5-2d50908c66b3

xorg-server -- Multiple vulnerabilities

The X.Org project reports:

ZDI-CAN-22153/CVE-2023-5367: X.Org server: OOB write in XIChangeDeviceProperty/RRChangeOutputProperty
When prepending values to an existing property an invalid offset calculation causes the existing values to be appended at the wrong offset. The resulting memcpy() would write into memory outside the heap-allocated array.

ZDI-CAN-21608/CVE-2023-5380: Use-after-free bug in DestroyWindow
This vulnerability requires a legacy multi-screen setup with multiple protocol screens ("Zaphod"). If the pointer is warped from one screen to the root window of the other screen, the enter/leave code may retain a reference to the previous pointer window. Destroying this window leaves that reference in place, other windows may then trigger a use-after-free bug when they are destroyed.

Discovery 2023-10-25
Entry 2023-10-25
xorg-server
xephyr
xorg-vfbserver

< 21.1.9,1

xorg-nestserver

< 21.1.9,2

xwayland

< 23.2.2,1

xwayland-devel

< 21.0.99.1.542

https://lists.x.org/archives/xorg-announce/2023-October/003430.html
CVE-2023-5367
CVE-2023-5380