maintainer-feedback requested: [Bug 220584] x11-servers/xorg-server: Security vulnerabilities (CVE-2017-10971, CVE-2017-10972)
bugzilla-noreply at freebsd.org
Sun Jul 9 21:53:08 UTC 2017
Vladimir Krstulja <vlad-fbsd at acheronmedia.com> has reassigned Bugzilla
Automation <bugzilla at FreeBSD.org>'s request for maintainer-feedback to
x11 at FreeBSD.org:
Bug 220584: x11-servers/xorg-server: Security vulnerabilities (CVE-2017-10971,
CVE-2017-10972)
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=220584
--- Description ---
Two security vulnerabilities have been found in xorg-server:
* CVE-2017-10971
Authenticated X users could overflow the stack in the X Server
(usually running as root) due to mishandling of X Events endianness.
* CVE-2017-10972
An information leak out of the X Server due to an uninitialized stack
area when swapping event endianness.
* Originally reported by SuSE:
https://bugzilla.suse.com/show_bug.cgi?id=1035283
* oss-seclist summary:
http://www.openwall.com/lists/oss-security/2017/07/06/6