Date: Sun, 09 Jul 2017 21:53:08 +0000 From: bugzilla-noreply@freebsd.org To: freebsd-ports-bugs@FreeBSD.org Subject: [Bug 220584] x11-servers/xorg-server: Security vulnerabilities (CVE-2017-10971, CVE-2017-10972) Message-ID: <bug-220584-13@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D220584 Bug ID: 220584 Summary: x11-servers/xorg-server: Security vulnerabilities (CVE-2017-10971, CVE-2017-10972) Product: Ports & Packages Version: Latest Hardware: Any URL: https://bugzilla.suse.com/show_bug.cgi?id=3D1035283 OS: Any Status: New Keywords: security Severity: Affects Some People Priority: --- Component: Individual Port(s) Assignee: x11@FreeBSD.org Reporter: vlad-fbsd@acheronmedia.com CC: ports-secteam@FreeBSD.org Flags: maintainer-feedback?(x11@FreeBSD.org) Assignee: x11@FreeBSD.org Two security vulnerabilities have been found in xorg-server: * CVE-2017-10971 Authenticated X users could overflow the stack in the X Server (usually running as root) due to mishandling of X Events endianess. * CVE-2017-10972 An information leak out of the X Server due to an uninitialized stack area when swapping event endianess. * Originally reported by SuSE: https://bugzilla.suse.com/show_bug.cgi?id=3D1035283 * oss-seclist summary: http://www.openwall.com/lists/oss-security/2017/07/06/6 --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-220584-13>