author: Florent Thoumie <flz@FreeBSD.org> 2008-01-23 12:11:55 +0000
committer: Florent Thoumie <flz@FreeBSD.org> 2008-01-23 12:11:55 +0000
commit: 10682b106413fccf6286c3bc9533c3b719f67fcb
tree: 0c20e2ac716d38d223f4e55235a843b1206fedd9
parent: - Update to 2.5-20080116 (2.5.0-RC2)
Document xorg -- multiple vulnerabilities.
Reviewed by: miwi
Notes: svn path=/head/; revision=206060
-rw-r--r-- security/vuxml/vuln.xml 52
1 files changed, 52 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index 5742ec65b70c..a7747b8c4497 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -34,6 +34,58 @@ Note: Please add new entries to the beginning of this file.
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="fe2b6597-c9a4-11dc-8da8-0008a18a9961">
+ <topic>xorg -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>xorg-server</name>
+ <range><lt>1.4_4,1</lt></range>
+ </package>
+ <package>
+ <name>libXfont</name>
+ <range><lt>1.3.1_2,1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Matthieu Herrb of X.Org reports:</p>
+ <blockquote cite="http://lists.freedesktop.org/archives/xorg/2008-January/031918.html">
+ <p>Several vulnerabilities have been identified in server code
+ of the X window system caused by lack of proper input validation
+ on user controlled data in various parts of the software,
+ causing various kinds of overflows.</p>
+ <p>Exploiting these overflows will crash the X server or,
+ under certain circumstances allow the execution of arbitray
+ machine code.</p>
+ <p>When the X server is running with root privileges (which is the
+ case for the Xorg server and for most kdrive based servers),
+ these vulnerabilities can thus also be used to raise
+ privileges.</p>
+ <p>All these vulnerabilities, to be exploited succesfully, require
+ either an already established connection to a running X server
+ (and normally running X servers are only accepting authenticated
+ connections), or a shell access with a valid user on the machine
+ where the vulnerable server is installed.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2007-5760</cvename>
+ <cvename>CVE-2007-5958</cvename>
+ <cvename>CVE-2007-6427</cvename>
+ <cvename>CVE-2007-6428</cvename>
+ <cvename>CVE-2007-6429</cvename>
+ <cvename>CVE-2008-0006</cvename>
+ <url>http://lists.freedesktop.org/archives/xorg/2008-January/031918.html</url>
+ <url>http://lists.freedesktop.org/archives/xorg/2008-January/032099.html</url>
+ <url>http://secunia.com/advisories/28532/</url>
+ </references>
+ <dates>
+ <discovery>2008-01-18</discovery>
+ <entry>2008-01-23</entry>
+ </dates>
+ </vuln>
+
<vuln vid="024edd06-c933-11dc-810c-0016179b2dd5">
<topic>xfce -- multiple vulnerabilities</topic>
<affects>
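Review bot: The entry lists two affected packages (xorg-server and libXfont) and six CVE names, but nothing in the description says which CVE applies to which package, so a user with only one of the two installed cannot tell which issues concern them. A short sentence outside the blockquote mapping the CVEs to the packages would fix that. In the quoted text, "arbitray" (second paragraph) and "succesfully" (fourth paragraph) are misspelled; please check them against the cited post and correct the transcription if the original spells them properly. Both ranges use `<lt>` with a `,1` PORTEPOCH suffix (`1.4_4,1` and `1.3.1_2,1`), so it is worth confirming that each port really carries epoch 1, otherwise the version comparison will not match installed packages as intended.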