FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

xorg-server -- Multiple Issues

Affected packages
xorg-server <= 1.18.4_6,1
1.19.0,1 <= xorg-server <= 1.19.3,1

Details

VuXML ID ab881a74-c016-4e6d-9f7d-68c8e7cedafb
Discovery 2017-07-06
Entry 2017-10-17
Modified 2018-05-20

xorg-server developers reports:

In the X.Org X server before 2017-06-19, a user authenticated to an X Session could crash or execute code in the context of the X Server by exploiting a stack overflow in the endianness conversion of X Events.

Uninitialized data in endianness conversion in the XEvent handling of the X.Org X Server before 2017-06-19 allowed authenticated malicious users to access potentially privileged data from the X server.

References

CVE Name CVE-2017-10971
CVE Name CVE-2017-10972
URL http://www.securityfocus.com/bid/99543
URL http://www.securityfocus.com/bid/99546
URL https://bugzilla.suse.com/show_bug.cgi?id=1035283
URL https://bugzilla.suse.com/show_bug.cgi?id=1035283
URL https://cgit.freedesktop.org/xorg/xserver/commit/?id=05442de962d3dc624f79fc1a00eca3ffc5489ced
URL https://cgit.freedesktop.org/xorg/xserver/commit/?id=215f894965df5fb0bb45b107d84524e700d2073c
URL https://cgit.freedesktop.org/xorg/xserver/commit/?id=8caed4df36b1f802b4992edcfd282cbeeec35d9d
URL https://cgit.freedesktop.org/xorg/xserver/commit/?id=ba336b24052122b136486961c82deac76bbde455