From owner-freebsd-x11@freebsd.org  Sat Oct 27 21:00:24 2018
Return-Path: <owner-freebsd-x11@freebsd.org>
Delivered-To: freebsd-x11@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id A16C510D311B
 for <freebsd-x11@mailman.ysv.freebsd.org>;
 Sat, 27 Oct 2018 21:00:24 +0000 (UTC)
 (envelope-from zeising@freebsd.org)
Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org
 [IPv6:2001:1900:2254:206a::50:5])
 by mx1.freebsd.org (Postfix) with ESMTP id CCBA97AA5A
 for <freebsd-x11@freebsd.org>; Sat, 27 Oct 2018 21:00:23 +0000 (UTC)
 (envelope-from zeising@freebsd.org)
Received: by mailman.ysv.freebsd.org (Postfix)
 id 871F110D310E; Sat, 27 Oct 2018 21:00:23 +0000 (UTC)
Delivered-To: x11@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 73F7C10D3108;
 Sat, 27 Oct 2018 21:00:23 +0000 (UTC)
 (envelope-from zeising@freebsd.org)
Received: from mail.daemonic.se (mail.daemonic.se [IPv6:2607:f740:d:20::25])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 11FCA7AA56;
 Sat, 27 Oct 2018 21:00:23 +0000 (UTC)
 (envelope-from zeising@freebsd.org)
Received: from cid.daemonic.se (localhost [IPv6:::1])
 by mail.daemonic.se (Postfix) with ESMTP id 42jCtY3sgdzDhyN;
 Sat, 27 Oct 2018 21:00:21 +0000 (UTC)
X-Virus-Scanned: amavisd-new at daemonic.se
Received: from mail.daemonic.se ([127.0.0.1]) (using TLS with cipher
 ECDHE-RSA-AES128-GCM-SHA256)
 by cid.daemonic.se (mailscanner.daemonic.se [127.0.0.1]) (amavisd-new,
 port 10587)
 with ESMTPS id qKLcVUkzsRmF; Sat, 27 Oct 2018 21:00:20 +0000 (UTC)
Received: from garnet.daemonic.se (unknown
 [IPv6:2001:470:dca9:201:9eda:3eff:fe70:24c0])
 by mail.daemonic.se (Postfix) with ESMTPSA id 42jCtX4bbZzDhyM;
 Sat, 27 Oct 2018 21:00:20 +0000 (UTC)
From: Niclas Zeising <zeising@freebsd.org>
Subject: FreeBSD x11-servers/xorg-server and CVE-2018-14665
To: current@freebsd.org, stable@freebsd.org, x11@freebsd.org, ports@freebsd.org
Reply-To: x11@freebsd.org
Message-ID: <e00b6d8e-6176-4517-af26-402c63ebafde@freebsd.org>
Date: Sat, 27 Oct 2018 23:00:19 +0200
User-Agent: Mutt/1.5.21
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 7bit
X-BeenThere: freebsd-x11@freebsd.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: X11 on FreeBSD -- maintaining and support <freebsd-x11.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-x11>,
 <mailto:freebsd-x11-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-x11/>
List-Post: <mailto:freebsd-x11@freebsd.org>
List-Help: <mailto:freebsd-x11-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-x11>,
 <mailto:freebsd-x11-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 27 Oct 2018 21:00:24 -0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

[ cross posted to several FreeBSD lists.
Please keep replies to x11@FreeBSD.org ]

Hi!
As some of you are aware, the X.org project posted a security advisory
on October 25 regarding a vulnerability in xorg-server [1].
This has been given the identifier CVE-2018-14665 [2].

The version of xorg-server in the FreeBSD ports tree is not vulnerable.

In short, there is a vulnerability in versions 1.19 through 1.20.2 of
xorg-server, when installed setuid root, which allows an attacker to
overwrite or create any file on the system.  By using this
vulnerability, a local user can gain root privileges.  There are several
articles about this [3] [4].

The code in question was introduced on xorg-server 1.19, and as FreeBSD
is still using xorg-server 1.18.4 we are not vulnerable to this issue.

If you have questions or comments regarding this, don't hesitate to
contact me or to send a message to the x11@FreeBSD.org mailing list.

Regards
- -- 
Niclas Zeising
FreeBSD X11/Graphics Team

[1] https://lists.x.org/archives/xorg-announce/2018-October/002927.html
[2] https://nvd.nist.gov/vuln/detail/CVE-2018-14665
[3] 
https://arstechnica.com/information-technology/2018/10/x-org-bug-that-gives-attackers-root-bites-openbsd-and-other-big-name-oses/
[4] https://www.securepatterns.com/2018/10/cve-2018-14665-xorg-x-server.html

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE+Ll/478KgNjo+JKEu41LV7uLVVEFAlvU0WMACgkQu41LV7uL
VVGgBw/+O7pIgdU5IvommsSetDAHPmdq3wy2j5mnWTjZXxz4qRe6pVJ6a0hJdkLw
8eSZGvPSo05Tnzk3Vx0cFdZ0hPIxm6Yp7dDpO6sXKDlxQrqDoxjPkjGMPj0897F+
4hw7RWW9O5EEDlBHjL8+Uektkk2N7MjrlbNc2IZ+eHnH8XjQ5yDOFHT9NKLeAZeP
ReJR/kN/+tW9VtzJtolk7vnksc8OF8ortsPX7dEXzoc1uHwppEoDlwQZrVRVuyCk
j6JzrOthEVEnxvdvVmcQueijhzKE/2g1Ix82gYEfcHA1172kMWJka1m9Og2mKGqW
8aqKilpCv6koPXtWACeG5P8nG9+SpDH6HMhjpjQqdKG80x+0I9dbAu5mL9fTVKjp
iFcY+8EQzsUYHEkvS9qk4dgiMR7MMXPM3JtOQOQ94hjoFcIp9toqeDr9U2DuRxAS
LC4EQ1heaiqEtlCOMfkX5BExpBQ3fs+JrTqcDtIHujp7Cv8p19fhmehoXc3hzL0z
xco1ubCOmLmR6Yed+BUxBcguMn37vE6KXDMoW0yQ/jmYt9a4EtECh/bTun81DZwN
gEaFqutcnxzX1AWrYv92VT65OnA9pFXjmb4oU9OQRAiwnP7a8Is0nc7fnSrdtO/Y
CoHWnZKI3hoMMWSXsfEc67RNtJyUnnGLHVvIt1VWrkL1+/WCm6k=
=xBK6
-----END PGP SIGNATURE-----