[Bug 220584] x11-servers/xorg-server: Security vulnerabilities (CVE-2017-10971, CVE-2017-10972)
bugzilla-noreply at freebsd.org
Sun Jul 9 21:53:09 UTC 2017
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=220584
Bug ID: 220584
Summary: x11-servers/xorg-server: Security vulnerabilities
(CVE-2017-10971, CVE-2017-10972)
Product: Ports & Packages
Version: Latest
Hardware: Any
URL: https://bugzilla.suse.com/show_bug.cgi?id=1035283
OS: Any
Status: New
Keywords: security
Severity: Affects Some People
Priority: ---
Component: Individual Port(s)
Assignee: x11 at FreeBSD.org
Reporter: vlad-fbsd at acheronmedia.com
CC: ports-secteam at FreeBSD.org
Flags: maintainer-feedback?(x11 at FreeBSD.org)
Two security vulnerabilities have been found in xorg-server:
* CVE-2017-10971
Authenticated X users could overflow the stack in the X Server
(usually running as root) due to mishandling of X Events endianness.
* CVE-2017-10972
An information leak out of the X Server due to an uninitialized stack
area when swapping event endianness.
* Originally reported by SuSE:
https://bugzilla.suse.com/show_bug.cgi?id=1035283
* oss-seclist summary:
http://www.openwall.com/lists/oss-security/2017/07/06/6