FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-28 15:43:32 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
ffa15b3b-e6f6-11ea-8cbf-54e1ad3d6335xorg-server -- Multiple input validation failures in X server extensions

The X.org project reports:

All theses issuses can lead to local privileges elevation on systems where the X server is running privileged.

The handler for the XkbSetNames request does not validate the request length before accessing its contents.

An integer underflow exists in the handler for the XIChangeHierarchy request.

An integer underflow exist in the handler for the XkbSelectEvents request.

An integer underflow exist in the handler for the CreateRegister request of the X record extension.


Discovery 2020-08-25
Entry 2020-08-25
xorg-server
< 1.20.8_4,1

xephyr
< 1.20.8_4,1

xorg-vfbserver
< 1.20.8_4,1

xorg-nestserver
< 1.20.8_4,1

xwayland
< 1.20.8_4,1

xorg-dmx
< 1.20.8_4,1

CVE-2020-14345
CVE-2020-14346
CVE-2020-14361
CVE-2020-14362
https://lists.x.org/archives/xorg-announce/2020-August/003058.html
4f8ffb9c-f388-4fbd-b90f-b3131559d888xorg-server -- multiple vulnerabilities

Alan Coopersmith reports:

X.Org thanks Michal Srb of SuSE for finding these issues and bringing them to our attention, Julien Cristau of Debian for getting the fixes integrated, and Adam Jackson of Red Hat for publishing the release.


Discovery 2017-10-04
Entry 2017-10-09
xephyr
< 1.18.4_4,1

xorg-dmx
< 1.18.4_4,1

xorg-nestserver
< 1.19.1_1,2

xorg-server
< 1.18.4_4,1

xorg-vfbserver
< 1.19.1_1,1

xwayland
< 1.19.1_1

https://lists.x.org/archives/xorg-announce/2017-October/002809.html
CVE-2017-13721
CVE-2017-13723
9fa7b139-c1e9-409e-bed0-006aadcf5845xorg-server -- Multiple security issues in X server extensions

The X.org project reports:

  • CVE-2022-46340/ZDI-CAN-19265: X.Org Server XTestSwapFakeInput stack overflow

    The swap handler for the XTestFakeInput request of the XTest extension may corrupt the stack if GenericEvents with lengths larger than 32 bytes are sent through a the XTestFakeInput request.

    This issue does not affect systems where client and server use the same byte order.

  • CVE-2022-46341/ZDI-CAN-19381: X.Org Server XIPassiveUngrab out-of-bounds access

    The handler for the XIPassiveUngrab request accesses out-of-bounds memory when invoked with a high keycode or button code.

  • CVE-2022-46342/ZDI-CAN-19400: X.Org Server XvdiSelectVideoNotify use-after-free

    The handler for the XvdiSelectVideoNotify request may write to memory after it has been freed.

  • CVE-2022-46343/ZDI-CAN-19404: X.Org Server ScreenSaverSetAttributes use-after-free

    The handler for the ScreenSaverSetAttributes request may write to memory after it has been freed.

  • CVE-2022-46344/ZDI-CAN-19405: X.Org Server XIChangeProperty out-of-bounds access

    The handler for the XIChangeProperty request has a length-validation issues, resulting in out-of-bounds memory reads and potential information disclosure.

  • CVE-2022-4283/ZDI-CAN-19530: X.Org Server XkbGetKbdByName use-after-free

    The XkbCopyNames function left a dangling pointer to freed memory, resulting in out-of-bounds memory access on subsequent XkbGetKbdByName requests.


Discovery 2022-12-14
Entry 2023-01-11
xorg-server
xephyr
xorg-vfbserver
< 21.1.5,1

xorg-nestserver
< 21.1.5,2

xwayland
< 22.1.6,1

xwayland-devel
< 21.0.99.1.319

https://lists.x.org/archives/xorg-announce/2022-December/003302.html
CVE-2022-46340
CVE-2022-46341
CVE-2022-46342
CVE-2022-46343
CVE-2022-46344
CVE-2022-4283
76c8b690-340b-11eb-a2b7-54e1ad3d6335xorg-server -- Multiple input validation failures in X server XKB extension

The X.org project reports:

These issues can lead to privileges elevations for authorized clients on systems where the X server is running privileged.

Insufficient checks on the lengths of the XkbSetMap request can lead to out of bounds memory accesses in the X server.

Insufficient checks on input of the XkbSetDeviceInfo request can lead to a buffer overflow on the head in the X server.


Discovery 2020-12-01
Entry 2020-12-01
xorg-server
< 1.20.9_1,1

xephyr
< 1.20.9_1,1

xorg-vfbserver
< 1.20.9_1,1

xorg-nestserver
< 1.20.9_1,1

xwayland
< 1.20.9_2,1

xorg-dmx
< 1.20.9_1,1

https://lists.x.org/archives/xorg-announce/2020-December/003066.html
CVE-2020-14360
CVE-2020-25712
3c7ba82a-d3fb-11ea-9aba-0c9d925bbbc0xorg-server -- Pixel Data Uninitialized Memory Information Disclosure

The X.org project reports:

Allocation for pixmap data in AllocatePixmap() does not initialize the memory in xserver, it leads to leak uninitialize heap memory to clients. When the X server runs with elevated privileges.

This flaw can lead to ASLR bypass, which when combined with other flaws (known/unknown) could lead to lead to privilege elevation in the client.


Discovery 2020-07-31
Entry 2020-08-01
xorg-server
< 1.20.8_3,1

xephyr
< 1.20.8_3,1

xorg-vfbserver
< 1.20.8_3,1

xorg-nestserver
< 1.20.8_3,1

xwayland
< 1.20.8_3,1

xorg-dmx
< 1.20.8_3,1

https://lists.x.org/archives/xorg-announce/2020-July/003051.html
CVE-2020-14347
7274e0cc-575f-41bc-8619-14a41b3c2ad0xorg-server -- multiple vulnerabilities

Adam Jackson reports:

One regression fix since 1.19.4 (mea culpa), and fixes for CVEs 2017-12176 through 2017-12187.


Discovery 2017-10-12
Entry 2017-10-13
xephyr
< 1.18.4_5,1

xorg-dmx
< 1.18.4_5,1

xorg-nestserver
< 1.19.1_2,2

xorg-server
< 1.18.4_5,1

xorg-vfbserver
< 1.19.1_2,1

xwayland
< 1.19.1_2

https://lists.x.org/archives/xorg-announce/2017-October/002814.html
CVE-2017-12176
CVE-2017-12177
CVE-2017-12178
CVE-2017-12179
CVE-2017-12180
CVE-2017-12181
CVE-2017-12182
CVE-2017-12183
CVE-2017-12184
CVE-2017-12185
CVE-2017-12186
CVE-2017-12187