Date:      Sun, 17 Dec 2017 18:50:00 +0000 (UTC)
From:      Niclas Zeising <zeising@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   svn commit: r456560 - head/security/vuxml
Message-ID:  <201712171850.vBHIo09A039344@repo.freebsd.org>

Author: zeising
Date: Sun Dec 17 18:50:00 2017
New Revision: 456560
URL: https://svnweb.freebsd.org/changeset/ports/456560

Log:
  Document multiple vulnerabilities in libXfont and libXfont2.
  
  The first two vulnerabilities are leaks of memory contents caused by
  reading past valid memory.
  
  The last vulnerability is the possibility for an unprivileged X client to
  read privileged files through symlinks
  
  CVE-2017-13720
  CVE-2017-13722
  CVE-2017-16611

Modified:
  head/security/vuxml/vuln.xml

Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml	Sun Dec 17 16:46:05 2017	(r456559)
+++ head/security/vuxml/vuln.xml	Sun Dec 17 18:50:00 2017	(r456560)
@@ -58,6 +58,79 @@ Notes:
   * Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">;
+  <vuln vid="08a125f3-e35a-11e7-a293-54e1ad3d6335">
+    <topic>libXfont -- permission bypass when opening files through symlinks</topic>
+    <affects>
+      <package>
+	<name>libXfont</name>
+	<range><lt>1.5.4</lt></range>
+      </package>
+      <package>
+	<name>libXfont2</name>
+	<range><lt>2.0.3</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">;
+	<p>the freedesktop.org project reports:</p>
+	<blockquote cite="https://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=7b377456f95d2ec3ead40f4fb74ea620191f88c8">;
+	  <p>A non-privileged X client can instruct X server running under root
+	    to open any file by creating own directory with "fonts.dir",
+	    "fonts.alias" or any font file being a symbolic link to any other
+	    file in the system. X server will then open it. This can be issue
+	    with special files such as /dev/watchdog.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <url>https://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=7b377456f95d2ec3ead40f4fb74ea620191f88c8</url>;
+      <cvename>CVE-2017-16611</cvename>
+    </references>
+    <dates>
+      <discovery>2017-11-25</discovery>
+      <entry>2017-12-17</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="3b9590a1-e358-11e7-a293-54e1ad3d6335">
+    <topic>libXfont -- multiple memory leaks</topic>
+    <affects>
+      <package>
+	<name>libXfont</name>
+	<range><lt>1.5.3</lt></range>
+      </package>
+      <package>
+	<name>libXfont2</name>
+	<range><lt>2.0.2</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">;
+	<p>The freedesktop.org project reports:</p>
+	<blockquote cite="https://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=d1e670a4a8704b8708e493ab6155589bcd570608">;
+	  <p>If a pattern contains '?' character, any character in the string
+	    is skipped, even if it is '\0'. The rest of the matching then reads
+	    invalid memory.</p>
+	</blockquote>
+	<blockquote cite="https://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=672bb944311392e2415b39c0d63b1e1902906bcd">;
+	  <p>Without the checks a malformed PCF file can cause the library to
+	    make atom from random heap memory that was behind the `strings`
+	    buffer. This may crash the process or leak information.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <url>https://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=d1e670a4a8704b8708e493ab6155589bcd570608</url>;
+      <url>https://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=672bb944311392e2415b39c0d63b1e1902905bcd</url>;
+      <cvename>CVE-2017-13720</cvename>
+      <cvename>CVE-2017-13722</cvename>
+    </references>
+    <dates>
+      <discovery>2017-10-04</discovery>
+      <entry>2017-12-17</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="ddecde18-e33b-11e7-a293-54e1ad3d6335">
     <topic>libXcursor -- integer overflow that can lead to heap buffer overflow</topic>
     <affects>
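Review bot: In the `3b9590a1-e358-11e7-a293-54e1ad3d6335` entry the second `<url>` under `<references>` does not match the `cite` of the blockquote it backs: the cite ends in `...1902906bcd` while the reference ends in `...1902905bcd`, so one of the two links cannot resolve to the intended upstream commit. Check the hash against the libXfont repository and make both occurrences identical. The topic `libXfont -- multiple memory leaks` also misdescribes the issues, since the quoted upstream text is about reading invalid or out-of-buffer heap memory that may crash the process or leak information; `<topic>libXfont -- multiple out-of-bounds reads</topic>` would let people triaging the advisory classify it correctly. As a minor style point, the first entry's lead-in `<p>the freedesktop.org project reports:</p>` should start with a capital letter to match the second entry.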


