[Bug 220584] x11-servers/xorg-server: Security vulnerabilities (CVE-2017-10971, CVE-2017-10972)

bugzilla-noreply at freebsd.org bugzilla-noreply at freebsd.org
Sun Jul 9 21:53:09 UTC 2017 

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=220584

            Bug ID: 220584
           Summary: x11-servers/xorg-server: Security vulnerabilities
                    (CVE-2017-10971, CVE-2017-10972)
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
               URL: https://bugzilla.suse.com/show_bug.cgi?id=1035283
                OS: Any
            Status: New
          Keywords: security
          Severity: Affects Some People
          Priority: ---
         Component: Individual Port(s)
          Assignee: x11 at FreeBSD.org
          Reporter: vlad-fbsd at acheronmedia.com
                CC: ports-secteam at FreeBSD.org
             Flags: maintainer-feedback?(x11 at FreeBSD.org)
          Assignee: x11 at FreeBSD.org

Two security vulnerabilities have been found in xorg-server:

* CVE-2017-10971

  Authenticated X users could overflow the stack in the X Server
  (usually running as root) due to mishandling of X Events endianess.

* CVE-2017-10972

  An information leak out of the X Server due to an uninitialized stack
  area when swapping event endianess.

* Originally reported by SuSE:

  https://bugzilla.suse.com/show_bug.cgi?id=1035283

* oss-seclist summary:

  http://www.openwall.com/lists/oss-security/2017/07/06/6

-- 
You are receiving this mail because:
You are the assignee for the bug.

More information about the freebsd-x11 mailing list