From owner-freebsd-security@FreeBSD.ORG Tue Jan 16 08:29:34 2007 Return-Path: X-Original-To: freebsd-security@freebsd.org Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id A3BC516A40F; Tue, 16 Jan 2007 08:29:34 +0000 (UTC) (envelope-from rea-fbsd@codelabs.ru) Received: from pobox.codelabs.ru (pobox.codelabs.ru [144.206.177.45]) by mx1.freebsd.org (Postfix) with ESMTP id 5C27213C45E; Tue, 16 Jan 2007 08:29:34 +0000 (UTC) (envelope-from rea-fbsd@codelabs.ru) Received: from codelabs.ru (pobox.codelabs.ru [144.206.177.45]) by pobox.codelabs.ru with esmtpsa (TLSv1:AES256-SHA:256) id 1H6jhB-0000Ma-N0; Tue, 16 Jan 2007 11:29:30 +0300 Date: Tue, 16 Jan 2007 11:29:22 +0300 From: Eygene Ryabinkin To: Remko Lodder Message-ID: <20070116082922.GA1035@codelabs.ru> References: <20070111064156.GM14822@codelabs.ru> <20070111072235.GA79783@elvandar.org> <20070111075616.GB20642@codelabs.ru> MIME-Version: 1.0 Content-Type: text/plain; charset=koi8-r Content-Disposition: inline In-Reply-To: <20070111075616.GB20642@codelabs.ru> Sender: rea-fbsd@codelabs.ru X-Spam-Status: No, score=-3.5 required=4.0 tests=ALL_TRUSTED,AWL,BAYES_00 Cc: freebsd-security@freebsd.org, cperciva@freebsd.org Subject: Re: Recent vulnerabilities in xorg-server X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 16 Jan 2007 08:29:34 -0000 Gentlemen! May I remind you about Xorg issues. Or you're already identified them as false-positive? I can not see the vulnerability in the http://www.freebsd.org/cgi/cvsweb.cgi/ports/security/vuxml/vuln.xml?rev=. so I assume that it was either considered false or not yes processed. Thanks! Thu, Jan 11, 2007 at 10:56:16AM +0300, Eygene Ryabinkin wrote: > Remko, good day! > > > Thanks for the notification! We are kinda busy at the > > moment, so if you could spare a minute and write a > > VuXML entry (a draft would also suffice), we can > > more easily add it. If you are unable to do so, no > > probs, but it is likely to take a bit longer to > > get the things incorporated. > Attached. The discovery date is given by the date of the > original posts in Securityfocus bugtraq list: > http://www.securityfocus.com/archive/1/456437/30/0/threaded > http://www.securityfocus.com/archive/1/456434/30/0/threaded > http://www.securityfocus.com/archive/1/456434/30/0/threaded > > The disclosure timeline is different (the same for all three posts): > ----- > VIII. DISCLOSURE TIMELINE > > 12/04/2006 Initial vendor notification > 12/05/2006 Initial vendor response > 01/09/2007 Coordinated public disclosure > ----- > > > Thanks for using FreeBSD and your willingness to improve > > the product! It is being appriciated. > You're welcome ;)) > -- > Eygene > > xorg-server -- multiple vulnerabilities. > > > xorg-server > 6.9.0_5 > > > > >

>
x11r6.9.0-dbe-render.diff
>
CVE-2006-6101 CVE-2006-6102 CVE-2006-6103: The > ProcDbeGetVisualInfo(), ProcDbeSwapBuffer() and > ProcRenderAddGlyphs() functions in the X server, implementing > requests for the dbe and render extensions, may be used to > overwrite data on the stack or in other parts of the X > server memory.
>
x11r6.9.0-cidfonts.diff
>
CVE-2006-2006-3739 and CVE 2006-3740: It may be possible > for a user with the ability to set the X server font path, > by making it point to a malicious font, to cause arbitrary > code execution or denial of service on the X server.
>

> > > > ports/107733 > CVE-2006-3739 > CVE-2006-3740 > CVE-2006-6101 > CVE-2006-6102 > CVE-2006-6103 > http://xorg.freedesktop.org/releases/X11R6.9.0/patches/index.html > > > 2007-01-09 > 2007-01-11 > > -- Eygene