Date: Thu, 4 Apr 2024 06:28:47 GMT From: Emmanuel Vadot <manu@FreeBSD.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org Subject: git: 9661a37b4dff - main - security/vuxml: Document recent xorg-server and xwayland vulnerabilities Message-ID: <202404040628.4346SlPx033968@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch main has been updated by manu: URL: https://cgit.FreeBSD.org/ports/commit/?id=9661a37b4dffe2a4fc19d402031477e25df6590a commit 9661a37b4dffe2a4fc19d402031477e25df6590a Author: Emmanuel Vadot <manu@FreeBSD.org> AuthorDate: 2024-04-04 06:28:07 +0000 Commit: Emmanuel Vadot <manu@FreeBSD.org> CommitDate: 2024-04-04 06:28:42 +0000 security/vuxml: Document recent xorg-server and xwayland vulnerabilities Sponsored by: Beckhoff Automation GmbH & Co. KG --- security/vuxml/vuln/2024.xml | 69 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 69 insertions(+) diff --git a/security/vuxml/vuln/2024.xml b/security/vuxml/vuln/2024.xml index 75d8b3518d0e..cf1a6d98f750 100644 --- a/security/vuxml/vuln/2024.xml +++ b/security/vuxml/vuln/2024.xml @@ -1,3 +1,72 @@ + <vuln vid="57561cfc-f24b-11ee-9730-001fc69cd6dc"> + <topic>xorg server -- Multiple vulnerabilities</topic> + <affects> + <package> + <name>xorg-server</name> + <name>xephyr</name> + <name>xorg-vfbserver</name> + <range><lt>21.1.12,1</lt></range> + </package> + <package> + <name>xorg-nextserver</name> + <range><lt>21.1.12,2</lt></range> + </package> + <package> + <name>xwayland</name> + <range><lt>23.2.5</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <p>The X.Org project reports:</p> + <blockquote cite="https://lists.x.org/archives/xorg-announce/2024-April/003497.html">; + <ul> + <li> + CVE-2024-31080: Heap buffer overread/data leakage in + ProcXIGetSelectedEvents + + <p>The ProcXIGetSelectedEvents() function uses the byte-swapped + length of the return data for the amount of data to return to + the client, if the client has a different endianness than + the X server.</p> + </li> + <li>CVE-2024-31081: Heap buffer overread/data leakage in + ProcXIPassiveGrabDevice + + <p>The ProcXIPassiveGrabDevice() function uses the byte-swapped + length of the return data for the amount of data to return to + the client, if the client has a different endianness than + the X server.</p> + </li> + + <li>CVE-2024-31083: User-after-free in ProcRenderAddGlyphs + + <p>The ProcRenderAddGlyphs() function calls the AllocateGlyph() + function to store new glyphs sent by the client to the X server. + AllocateGlyph() would return a new glyph with refcount=0 and + a re-used glyph would end up not changing the refcount at all. + The resulting glyph_new array would thus have multiple entries + pointing to the same non-refcounted glyphs. + + ProcRenderAddGlyphs() may free a glyph, resulting in a + use-after-free when the same glyph pointer is then later used.</p> + </li> + </ul> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2024-31080</cvename> + <cvename>CVE-2024-31081</cvename> + <cvename>CVE-2024-31083</cvename> + <url>https://lists.x.org/archives/xorg-announce/2024-April/003497.html</url>; + </references> + <dates> + <discovery>2024-04-03</discovery> + <entry>2024-04-04</entry> + </dates> + </vuln> + <vuln vid="2e3bea0c-f110-11ee-bc57-00e081b7aa2d"> <topic>jenkins -- HTTP/2 denial of service vulnerability in bundled Jetty</topic> <affects>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202404040628.4346SlPx033968>