Debian Xorg-Server vulnerabilities

126 known vulnerabilities affecting debian/xorg-server.

Total CVEs: 126
CISA KEV: 0
Public exploits: 5
Exploited in wild: 1
Severity breakdown: CRITICAL 20, HIGH 56, MEDIUM 35, LOW 15

Vulnerabilities

Page 6 of 7
CVE-2011-4028 | LOW | CVSS 1.2 | fixed in xorg-server 2:1.11.1.901-2 (bookworm) | 2011
[LOW] xorg-server: The LockServer function in os/utils.c in X.Org xserver before 1.11.2 allows local users to determine the existence of arbitrary files via a symlink attack on a temporary lock file, which is handled differently if the file exists.
Scope: local; bookworm: resolved (fixed in 2:1.11.1.901-2); bullseye: resolved (fixed in 2:1.11.1.901-2); forky: resolved (fixed in 2:1.11.1

CVE-2010-4818 | HIGH | CVSS 8.5 | fixed in xorg-server 2:1.9.99.902-1 (bookworm) | 2010
[HIGH] xorg-server: The GLX extension in X.Org xserver 1.7.7 allows remote authenticated users to cause a denial of service (server crash) and possibly execute arbitrary code via (1) a crafted request that triggers a client swap in glx/glxcmdsswap.c; or (2) a crafted length or (3) a negative value in the screen field in a request to glx/glxcmds.c.
Scope: local; bookworm: resolved (fix

CVE-2010-1166 | LOW | CVSS 7.1 | 2010
[HIGH] xorg-server: The fbComposite function in fbpict.c in the Render extension in the X server in X.Org X11R7.1 allows remote authenticated users to cause a denial of service (memory corruption and daemon crash) or possibly execute arbitrary code via a crafted request, related to an incorrect macro definition.
Scope: local; bookworm: resolved; bullseye: resolved; forky: resolved; sid:

CVE-2010-4819 | LOW | CVSS 3.6 | fixed in xorg-server 2:1.9.0.901-1 (bookworm) | 2010
[LOW] xorg-server: The ProcRenderAddGlyphs function in the Render extension (render/render.c) in X.Org xserver 1.7.7 and earlier allows local users to read arbitrary memory and possibly cause a denial of service (server crash) via unspecified vectors related to an "input sanitization flaw."
Scope: local; bookworm: resolved (fixed in 2:1.9.0.901-1); bullseye: resolved (fixed in 2:1.9.0.

CVE-2009-1573 | LOW | CVSS 4.6 | fixed in xorg-server 2:1.6.1.901-3 (bookworm) | 2009
[MEDIUM] xorg-server: xvfb-run 1.6.1 in Debian GNU/Linux, Ubuntu, Fedora 10, and possibly other operating systems place the magic cookie (MCOOKIE) on the command line, which allows local users to gain privileges by listing the process and its arguments.
Scope: local; bookworm: resolved (fixed in 2:1.6.1.901-3); bullseye: resolved (fixed in 2:1.6.1.901-3); forky: resolved (fixed in 2:1.6

CVE-2008-2360 | CRITICAL | CVSS 9.0 | fixed in xorg-server 2:1.4.1~git20080517-2 (bookworm) | 2008
[CRITICAL] xorg-server: Integer overflow in the AllocateGlyph function in the Render extension in the X server 1.4 in X.Org X11R7.3 allows context-dependent attackers to execute arbitrary code via unspecified request fields that are used to calculate a heap buffer size, which triggers a heap-based buffer overflow.
Scope: local; bookworm: resolved (fixed in 2:1.4.1~git20080517-2); bulls

CVE-2008-1377 | CRITICAL | CVSS 9.0 | fixed in xorg-server 2:1.4.1~git20080517-2 (bookworm) | 2008
[CRITICAL] xorg-server: The (1) SProcRecordCreateContext and (2) SProcRecordRegisterClients functions in the Record extension and the (3) SProcSecurityGenerateAuthorization function in the Security extension in the X server 1.4 in X.Org X11R7.3 allow context-dependent attackers to execute arbitrary code via requests with crafted length values that specify an arbitrary number of bytes

CVE-2008-2362 | CRITICAL | CVSS 10.0 | fixed in xorg-server 2:1.4.1~git20080517-2 (bookworm) | 2008
[CRITICAL] xorg-server: Multiple integer overflows in the Render extension in the X server 1.4 in X.Org X11R7.3 allow context-dependent attackers to execute arbitrary code via a (1) SProcRenderCreateLinearGradient, (2) SProcRenderCreateRadialGradient, or (3) SProcRenderCreateConicalGradient request with an invalid field specifying the number of bytes to swap in the request data, whic

CVE-2008-0006 | HIGH | CVSS 7.5 | fixed in libxfont 1:1.3.1-2 (bookworm) | 2008
[HIGH] libxfont: Buffer overflow in (1) X.Org Xserver before 1.4.1, and (2) the libfont and libXfont libraries on some platforms including Sun Solaris, allows context-dependent attackers to execute arbitrary code via a PCF font with a large difference between the last col and first col values in the PCF_BDF_ENCODINGS table.
Scope: local; bookworm: resolved (fixed in 1:1.3.1-2); bullsey

CVE-2008-1379 | MEDIUM | CVSS 6.8 | fixed in xorg-server 2:1.4.1~git20080517-2 (bookworm) | 2008
[MEDIUM] xorg-server: Integer overflow in the fbShmPutImage function in the MIT-SHM extension in the X server 1.4 in X.Org X11R7.3 allows context-dependent attackers to read arbitrary process memory via crafted values for a Pixmap width and height.
Scope: local; bookworm: resolved (fixed in 2:1.4.1~git20080517-2); bullseye: resolved (fixed in 2:1.4.1~git20080517-2); forky: resolved (fix

CVE-2008-2361 | MEDIUM | CVSS 6.8 | fixed in xorg-server 2:1.4.1~git20080517-2 (bookworm) | 2008
[MEDIUM] xorg-server: Integer overflow in the ProcRenderCreateCursor function in the Render extension in the X server 1.4 in X.Org X11R7.3 allows context-dependent attackers to cause a denial of service (daemon crash) via unspecified request fields that are used to calculate a glyph buffer size, which triggers a dereference of unmapped memory.
Scope: local; bookworm: resolved (fixed i

CVE-2007-6429 | CRITICAL | CVSS 9.3 | fixed in xorg-server 2:1.4.1~git20080105-2 (bookworm) | 2007
[CRITICAL] xorg-server: Multiple integer overflows in X.Org Xserver before 1.4.1 allow context-dependent attackers to execute arbitrary code via (1) a GetVisualInfo request containing a 32-bit value that is improperly used to calculate an amount of memory for allocation by the EVI extension, or (2) a request containing values related to pixmap size that are improperly used in managem

CVE-2007-5760 | CRITICAL | CVSS 9.3 | fixed in xorg-server 2:1.4.1~git20080105-2 (bookworm) | 2007
[CRITICAL] xorg-server: Array index error in the XFree86-Misc extension in X.Org Xserver before 1.4.1 allows context-dependent attackers to execute arbitrary code via a PassMessage request containing a large array index.
Scope: local; bookworm: resolved (fixed in 2:1.4.1~git20080105-2); bullseye: resolved (fixed in 2:1.4.1~git20080105-2); forky: resolved (fixed in 2:1.4.1~git20080105-2)

CVE-2007-6427 | HIGH | CVSS 7.5 | fixed in xorg-server 2:1.4.1~git20080105-2 (bookworm) | 2007
[HIGH] xorg-server: The XInput extension in X.Org Xserver before 1.4.1 allows context-dependent attackers to execute arbitrary code via requests related to byte swapping and heap corruption within multiple functions, a different vulnerability than CVE-2007-4990.
Scope: local; bookworm: resolved (fixed in 2:1.4.1~git20080105-2); bullseye: resolved (fixed in 2:1.4.1~git20080105-2); forky:

CVE-2007-3920 | MEDIUM | CVSS 4.6 | fixed in gnome-screensaver 2.20.0-1.1 (bookworm) | 2007
[MEDIUM] gnome-screensaver: GNOME screensaver 2.20 in Ubuntu 7.10, when used with Compiz, does not properly reserve input focus, which allows attackers with physical access to take control of the session after entering an Alt-Tab sequence, a related issue to CVE-2007-3069.
Scope: local; bookworm: resolved (fixed in 2.20.0-1.1); bullseye: resolved (fixed in 2.20.0-1.1); trixie: resolved

CVE-2007-5958 | MEDIUM | CVSS 5.0 | PoC | fixed in xorg-server 2:1.4.1~git20080105-2 (bookworm) | 2007
[MEDIUM] xorg-server: X.Org Xserver before 1.4.1 allows local users to determine the existence of arbitrary files via a filename argument in the -sp option to the X program, which produces different error messages depending on whether the filename exists.
Scope: local; bookworm: resolved (fixed in 2:1.4.1~git20080105-2); bullseye: resolved (fixed in 2:1.4.1~git20080105-2); forky: resolv

CVE-2007-6428 | MEDIUM | CVSS 5.0 | fixed in xorg-server 2:1.4.1~git20080105-2 (bookworm) | 2007
[MEDIUM] xorg-server: The ProcGetReservedColormapEntries function in the TOG-CUP extension in X.Org Xserver before 1.4.1 allows context-dependent attackers to read the contents of arbitrary memory locations via a request containing a 32-bit value that is improperly used as an array index.
Scope: local; bookworm: resolved (fixed in 2:1.4.1~git20080105-2); bullseye: resolved (fixed in 2:

CVE-2007-4730 | MEDIUM | CVSS 4.3 | fixed in xorg-server 2:1.4-1 (bookworm) | 2007
[MEDIUM] xorg-server: Buffer overflow in the compNewPixmap function in compalloc.c in the Composite extension for the X.org X11 server before 1.4 allows local users to execute arbitrary code by copying data from a large pixel depth pixmap into a smaller pixel depth pixmap.
Scope: local; bookworm: resolved (fixed in 2:1.4-1); bullseye: resolved (fixed in 2:1.4-1); forky: resolved (fixed

CVE-2007-1003 | MEDIUM | CVSS 9.0 | fixed in xorg-server 2:1.1.1-21 (bookworm) | 2007
[CRITICAL] xorg-server: Integer overflow in ALLOCATE_LOCAL in the ProcXCMiscGetXIDList function in the XC-MISC extension in the X.Org X11 server (xserver) 7.1-1.1.0, and other versions before 20070403, allows remote authenticated users to execute arbitrary code via a large expression, which results in memory corruption.
Scope: local; bookworm: resolved (fixed in 2:1.1.1-21); bullseye:

CVE-2007-2437 | LOW | CVSS 5.5 | PoC | fixed in xorg-server 2:1.3.0.0.dfsg-4 (bookworm) | 2007
[MEDIUM] xorg-server: The X render (Xrender) extension in X.org X Window System 7.0, 7.1, and 7.2, with Xserver 1.3.0 and earlier, allows remote authenticated users to cause a denial of service (daemon crash) via crafted values to the (1) XRenderCompositeTrapezoids and (2) XRenderAddTraps functions, which trigger a divide-by-zero error.
Scope: local; bookworm: resolved (fixed in 2:1.3