diff options
| author | feld <feld@FreeBSD.org> | 2018-04-05 22:15:04 +0800 |
|---|---|---|
| committer | feld <feld@FreeBSD.org> | 2018-04-05 22:15:04 +0800 |
| commit | f9b9f313de1207cbe82bb0ae67e4ebf7bc17b4cf (patch) | |
| tree | 1282027041e628529f3eb1354c8e4b609bdcb48e /security | |
| parent | d2d0f3c88d5e10115eec0228ec6e3b6f34ee970d (diff) | |
| download | freebsd-ports-gnome-f9b9f313de1207cbe82bb0ae67e4ebf7bc17b4cf.tar.gz freebsd-ports-gnome-f9b9f313de1207cbe82bb0ae67e4ebf7bc17b4cf.tar.zst freebsd-ports-gnome-f9b9f313de1207cbe82bb0ae67e4ebf7bc17b4cf.zip | |
Document FreeBSD-SA-18:04.vt
Diffstat (limited to 'security')
| -rw-r--r-- | security/vuxml/vuln.xml | 38 |
1 files changed, 38 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 8552475ec595..795069bf8cab 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -58,6 +58,44 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="a5cf3ecd-38db-11e8-8b7f-a4badb2f469b"> + <topic>FreeBSD -- vt console memory disclosure</topic> + <affects> + <package> + <name>FreeBSD-kernel</name> + <range><ge>11.1</ge><lt>11.1_9</lt></range> + <range><ge>10.4</ge><lt>10.4_8</lt></range> + <range><ge>10.3</ge><lt>10.3_29</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <h1>Problem Description:</h1> + <p>Insufficient validation of user-provided font parameters + can result in an integer overflow, leading to the use of + arbitrary kernel memory as glyph data. Characters that + reference this data can be displayed on the screen, effectively + disclosing kernel memory.</p> + <h1>Impact:</h1> + <p>Unprivileged users may be able to access privileged + kernel data.</p> + <p>Such memory might contain sensitive information, such + as portions of the file cache or terminal buffers. This + information might be directly useful, or it might be leveraged + to obtain elevated privileges in some way; for example, a + terminal buffer might include a user-entered password.</p> + </body> + </description> + <references> + <cvename>CVE-2018-6917</cvename> + <freebsdsa>SA-18:04.vt</freebsdsa> + </references> + <dates> + <discovery>2018-04-04</discovery> + <entry>2018-04-05</entry> + </dates> + </vuln> + <vuln vid="cdb4d962-34f9-11e8-92db-080027907385"> <topic>moodle -- multiple vulnerabilities</topic> <affects> |