diff options
| author | Niclas Zeising <zeising@FreeBSD.org> | 2013-06-04 19:31:29 +0000 |
|---|---|---|
| committer | Niclas Zeising <zeising@FreeBSD.org> | 2013-06-04 19:31:29 +0000 |
| commit | d516c8b6633c5fada67c3b1137057008c7553549 (patch) | |
| tree | b5553ea72e286d166ab601ab26b551eaadb9b1e9 /security/vuxml/vuln.xml | |
| parent | d5ff26dc8497868e13985e07980876af5dff9050 (diff) | |
Notes
Diffstat (limited to 'security/vuxml/vuln.xml')
| -rw-r--r-- | security/vuxml/vuln.xml | 158 |
1 files changed, 158 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 31f44575cacd..beb43b760854 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -51,6 +51,164 @@ Note: Please add new entries to the beginning of this file. --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="2eebebff-cd3b-11e2-8f09-001b38c3836c"> + <topic>xorg -- protocol handling issues in X Window System client libraries</topic> + <affects> + <package> + <name>libX11</name> + <range><lt>1.6.0</lt></range> + </package> + <package> + <name>libXext</name> + <range><lt>1.3.2</lt></range> + </package> + <package> + <name>libXfixes</name> + <range><lt>5.0.1</lt></range> + </package> + <package> + <name>libXi</name> + <range><lt>1.7_1</lt></range> + </package> + <package> + <name>libXinerama</name> + <range><lt>1.1.3</lt></range> + </package> + <package> + <name>libXp</name> + <range><lt>1.0.2</lt></range> + </package> + <package> + <name>libXrandr</name> + <range><lt>1.4.1</lt></range> + </package> + <package> + <name>libXrender</name> + <range><lt>0.9.7_1</lt></range> + </package> + <package> + <name>libXres</name> + <range><lt>1.0.7</lt></range> + </package> + <package> + <name>libXtst</name> + <range><lt>1.2.2</lt></range> + </package> + <package> + <name>libXv</name> + <range><lt>1.0.8</lt></range> + </package> + <package> + <name>libXvMC</name> + <range><lt>1.0.7_1</lt></range> + </package> + <package> + <name>libXxf86dga</name> + <range><lt>1.1.4</lt></range> + </package> + <package> + <name>libdmx</name> + <range><lt>1.1.3</lt></range> + </package> + <package> + <name>libxcb</name> + <range><lt>1.9.1</lt></range> + </package> + <package> + <name>libGL</name> + <range> + <lt>7.6.1_4</lt> + <gt>7.8.0</gt><lt>8.0.5_4</lt> + </range> + </package> + <package> + <name>xf86-video-openchrome</name> + <range><lt>0.3.3</lt></range> + </package> + <package> + <name>libFS</name> + <range><lt>1.0.5</lt></range> + </package> + <package> + <name>libXxf86vm</name> + <range><lt>1.1.3</lt></range> + </package> + <package> + <name>libXt</name> + <range><lt>1.1.4</lt></range> + </package> + <package> + <name>libXcursor</name> + <range><lt>1.1.14</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>freedesktop.org reports:</p> + <blockquote cite="http://www.x.org/wiki/Development/Security/Advisory-2013-05-23"> + <p>Ilja van Sprundel, a security researcher with IOActive, has + discovered a large number of issues in the way various X client + libraries handle the responses they receive from servers, and has + worked with X.Org's security team to analyze, confirm, and fix + these issues.</p> + <p>Most of these issues stem from the client libraries trusting the + server to send correct protocol data, and not verifying that the + values will not overflow or cause other damage. Most of the time X + clients & servers are run by the same user, with the server + more privileged from the clients, so this is not a problem, but + there are scenarios in which a privileged client can be connected + to an unprivileged server, for instance, connecting a setuid X + client (such as a screen lock program) to a virtual X server (such + as Xvfb or Xephyr) which the user has modified to return invalid + data, potentially allowing the user to escalate their privileges.</p> + <p>The vulnerabilities include:</p> + <p>Integer overflows calculating memory needs for replies.</p> + <p>Sign extension issues calculating memory needs for replies.</p> + <p>Buffer overflows due to not validating length or offset values in + replies.</p> + <p>Integer overflows parsing user-specified files.</p> + <p>Unbounded recursion parsing user-specified files.</p> + <p>Memory corruption due to unchecked return values.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2013-1981</cvename> + <cvename>CVE-2013-1982</cvename> + <cvename>CVE-2013-1983</cvename> + <cvename>CVE-2013-1984</cvename> + <cvename>CVE-2013-1985</cvename> + <cvename>CVE-2013-1986</cvename> + <cvename>CVE-2013-1987</cvename> + <cvename>CVE-2013-1988</cvename> + <cvename>CVE-2013-1989</cvename> + <cvename>CVE-2013-1990</cvename> + <cvename>CVE-2013-1991</cvename> + <cvename>CVE-2013-1992</cvename> + <cvename>CVE-2013-1993</cvename> + <cvename>CVE-2013-1994</cvename> + <cvename>CVE-2013-1995</cvename> + <cvename>CVE-2013-1996</cvename> + <cvename>CVE-2013-1997</cvename> + <cvename>CVE-2013-1998</cvename> + <cvename>CVE-2013-1999</cvename> + <cvename>CVE-2013-2000</cvename> + <cvename>CVE-2013-2001</cvename> + <cvename>CVE-2013-2002</cvename> + <cvename>CVE-2013-2003</cvename> + <cvename>CVE-2013-2004</cvename> + <cvename>CVE-2013-2005</cvename> + <cvename>CVE-2013-2062</cvename> + <cvename>CVE-2013-2063</cvename> + <cvename>CVE-2013-2064</cvename> + <cvename>CVE-2013-2066</cvename> + </references> + <dates> + <discovery>2013-05-23</discovery> + <entry>2013-06-04</entry> + </dates> + </vuln> + <vuln vid="e3f64457-cccd-11e2-af76-206a8a720317"> <topic>krb5 -- UDP ping-pong vulnerability in the kpasswd (password changing) service. [CVE-2002-2443]</topic> <affects> |