author AlanCoopersmith <AlanCoopersmith@web> 2018-08-22 20:34:01 +0000
committer IkiWiki <ikiwiki.info> 2018-08-22 20:34:01 +0000
commit 1d529030e0b5832ad27f01b49c4341b4979fee52 (patch)
tree c909cb78072e3fc78ff1e5c63f0c062ccd294208 /Development
parent 2b57096b3622040f6d44d560b16817844637fe51 (diff)
Add Oct 4. 2017 & Aug. 21 2018 advisories
Diffstat (limited to 'Development')
-rw-r--r-- Development/Security.mdwn 11
1 files changed, 10 insertions, 1 deletions
diff --git a/Development/Security.mdwn b/Development/Security.mdwn
index b152b5a1..42fbdd4e 100644
--- a/Development/Security.mdwn
+++ b/Development/Security.mdwn
@@ -10,8 +10,17 @@ See the [[Security Checklist|Development/Security/Checklist]] for the list of th
## X.Org 7.7
+* Aug. 21, 2018 Protocol handling issues in libX11
+ * libX11 can write out of bounds or crash if servers send invalid replies. CVE-2018-14598, CVE-2018-14599, CVE-2018-14600.
+ * Please see [[the advisory|https://lists.x.org/archives/xorg-announce/2018-August/002915.html]] for more information.
+
+* Oct. 4, 2017 X server implementation issues in MIT-SHM & XKB extensions
+ * The X server can abort or overwrite the shared memory segment of another client if a client sends an invalid shared memory resource id. CVE-2017-13721.
+ * The X server can write out of bounds when handling XKB strings. CVE-2017-13723.
+ * Please see [[the advisory|https://lists.x.org/archives/xorg-announce/2017-October/002809.html]] for more information.
+
* Oct. 4, 2016 Protocol handling issues in X Window System client libraries
- * X client libraries can overflow buffers or corrupt memory in clients if servers send invalid replies. CVE-2016-54-7. CVE-2016-7942, CVE-2016-7943, CVE-2016-7944, CVE-2016-7945, CVE-2016-7946, CVE-2016-7947, CVE-2016-7948, CVE-2016-7949, CVE-2016-7950, CVE-2016-7951, CVE-2016-7952, CVE-2016-5953.
+ * X client libraries can overflow buffers or corrupt memory in clients if servers send invalid replies. CVE-2016-5407. CVE-2016-7942, CVE-2016-7943, CVE-2016-7944, CVE-2016-7945, CVE-2016-7946, CVE-2016-7947, CVE-2016-7948, CVE-2016-7949, CVE-2016-7950, CVE-2016-7951, CVE-2016-7952, CVE-2016-5953.
* Please see [[the advisory|https://lists.x.org/archives/xorg-announce/2016-October/002720.html]] ([[extended version|Development/Security/Advisory-2016-10-04]]) for more information.
* Apr. 14, 2015 - Buffer overflow in `MakeBigReq` macro in libX11 prior to 1.6
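Review bot: The rewritten Oct. 4, 2016 line corrects CVE-2016-54-7 to CVE-2016-5407 but keeps the period after that identifier, while every other identifier in the list is comma-separated, and the last one, CVE-2016-5953, sits outside the CVE-2016-7942 to CVE-2016-7952 run, so it is worth checking against the linked advisory while this line is being edited. The commit message names only the two added advisories; mentioning the CVE id correction there as well would make it findable in the log. In the new Aug. 21, 2018 entry, the three CVE ids are attached to a single sentence ("write out of bounds or crash"), whereas the Oct. 4, 2017 entry gives one bullet per CVE; splitting the libX11 entry the same way would let readers match each identifier to its issue without opening the advisory.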