FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  318342
Date:      2013-05-16
Time:      22:46:38Z
Committer: delphij

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
fe2b6597-c9a4-11dc-8da8-0008a18a9961	xorg -- multiple vulnerabilities Matthieu Herrb of X.Org reports: Several vulnerabilities have been identified in server code of the X window system caused by lack of proper input validation on user controlled data in various parts of the software, causing various kinds of overflows. Exploiting these overflows will crash the X server or, under certain circumstances allow the execution of arbitray machine code. When the X server is running with root privileges (which is the case for the Xorg server and for most kdrive based servers), these vulnerabilities can thus also be used to raise privileges. All these vulnerabilities, to be exploited succesfully, require either an already established connection to a running X server (and normally running X servers are only accepting authenticated connections), or a shell access with a valid user on the machine where the vulnerable server is installed. Discovery 2008-01-18 Entry 2008-01-23 xorg-server lt 1.4_4,1 libXfont lt 1.3.1_2,1 CVE-2007-5760 CVE-2007-5958 CVE-2007-6427 CVE-2007-6428 CVE-2007-6429 CVE-2008-0006 http://lists.freedesktop.org/archives/xorg/2008-January/031918.html http://lists.freedesktop.org/archives/xorg/2008-January/032099.html http://secunia.com/advisories/28532/
304409c3-c3ef-11e0-8aa5-485d60cb5385	libXfont -- possible local privilege escalation Tomas Hoger reports: The compress/ LZW decompress implentation does not correctly handle compressed streams that contain code words that were not yet added to the decompression table. This may lead to arbitrary memory corruption. Successfull exploitation may possible lead to a local privilege escalation. Discovery 2011-07-26 Entry 2011-08-11 Modified 2012-03-13 libXfont lt 1.4.4_1,1 CVE-2011-2895 https://bugzilla.redhat.com/show_bug.cgi?id=725760
fe2b6597-c9a4-11dc-8da8-0008a18a9961	xorg -- multiple vulnerabilities Matthieu Herrb of X.Org reports: Several vulnerabilities have been identified in server code of the X window system caused by lack of proper input validation on user controlled data in various parts of the software, causing various kinds of overflows. Exploiting these overflows will crash the X server or, under certain circumstances allow the execution of arbitray machine code. When the X server is running with root privileges (which is the case for the Xorg server and for most kdrive based servers), these vulnerabilities can thus also be used to raise privileges. All these vulnerabilities, to be exploited succesfully, require either an already established connection to a running X server (and normally running X servers are only accepting authenticated connections), or a shell access with a valid user on the machine where the vulnerable server is installed. Discovery 2008-01-18 Entry 2008-01-23 xorg-server lt 1.4_4,1 libXfont lt 1.3.1_2,1 CVE-2007-5760 CVE-2007-5958 CVE-2007-6427 CVE-2007-6428 CVE-2007-6429 CVE-2008-0006 http://lists.freedesktop.org/archives/xorg/2008-January/031918.html http://lists.freedesktop.org/archives/xorg/2008-January/032099.html http://secunia.com/advisories/28532/
304409c3-c3ef-11e0-8aa5-485d60cb5385	libXfont -- possible local privilege escalation Tomas Hoger reports: The compress/ LZW decompress implentation does not correctly handle compressed streams that contain code words that were not yet added to the decompression table. This may lead to arbitrary memory corruption. Successfull exploitation may possible lead to a local privilege escalation. Discovery 2011-07-26 Entry 2011-08-11 Modified 2012-03-13 libXfont lt 1.4.4_1,1 CVE-2011-2895 https://bugzilla.redhat.com/show_bug.cgi?id=725760