Recent vulnerabilities in xorg-server
Eygene Ryabinkin
rea-fbsd at codelabs.ru
Thu Jan 11 07:56:25 UTC 2007
Remko, good day!
> Thanks for the notification! We are kinda busy at the
> moment, so if you could spare a minute and write a
> VuXML entry (a draft would also suffice), we can
> more easily add it. If you are unable to do so, no
> probs, but it is likely to take a bit longer to
> get the things incorporated.
Attached. The discovery date is given by the date of the
original posts on the SecurityFocus Bugtraq list:
http://www.securityfocus.com/archive/1/456437/30/0/threaded
http://www.securityfocus.com/archive/1/456434/30/0/threaded
http://www.securityfocus.com/archive/1/456434/30/0/threaded
The disclosure timeline is different (the same for all three posts):
-----
VIII. DISCLOSURE TIMELINE
12/04/2006 Initial vendor notification
12/05/2006 Initial vendor response
01/09/2007 Coordinated public disclosure
-----
> Thanks for using FreeBSD and your willingness to improve
> the product! It is being appreciated.
You're welcome ;))
--
Eygene
-------------- next part --------------
<vuln vid="yet-unknown">
<topic>xorg-server -- multiple vulnerabilities.</topic>
<affects>
<package>
<name>xorg-server</name>
<range><le>6.9.0_5</le></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<blockquote cite="http://xorg.freedesktop.org/releases/X11R6.9.0/patches/index.html">
<h1>x11r6.9.0-dbe-render.diff</h1>
<p>CVE-2006-6101 CVE-2006-6102 CVE-2006-6103: The
ProcDbeGetVisualInfo(), ProcDbeSwapBuffer() and
ProcRenderAddGlyphs() functions in the X server, implementing
requests for the dbe and render extensions, may be used to
overwrite data on the stack or in other parts of the X
server memory.</p>
<h1>x11r6.9.0-cidfonts.diff</h1>
<p>CVE-2006-3739 and CVE-2006-3740: It may be possible
for a user with the ability to set the X server font path,
by making it point to a malicious font, to cause arbitrary
code execution or denial of service on the X server.</p>
</blockquote>
</body>
</description>
<references>
<freebsdpr>ports/107733</freebsdpr>
<cvename>CVE-2006-3739</cvename>
<cvename>CVE-2006-3740</cvename>
<cvename>CVE-2006-6101</cvename>
<cvename>CVE-2006-6102</cvename>
<cvename>CVE-2006-6103</cvename>
<url>http://xorg.freedesktop.org/releases/X11R6.9.0/patches/index.html</url>
</references>
<dates>
<discovery>2007-01-09</discovery>
<entry>2007-01-11</entry>
</dates>
</vuln>