similar to: X.Org Security Advisory: CVE-2015-0255: Information leak in the XkbSetGeometry request of X servers

This includes various fixes, including a regression from the previous security patches, plus today's xkb security fix (http://www.x.org/wiki/Development/Security/Advisory-2015-02-10/) Thanks to Dave Airlie for collecting most of those. Cheers, Julien Adam Jackson (1): dix: make RegionInit legal C++ Chris Wilson (1): dri2: SourceOffloads may be for DRI3 only Dave Airlie (2):

Fixes for CVE 2015-0255. See Peter's associated email for more details. Keith Packard (1): Release 1.17.1 Olivier Fourdan (2): xkb: Don't swap XkbSetGeometry data in the input buffer xkb: Check strings length against request size git tag: xorg-server-1.17.1 http://xorg.freedesktop.org/archive/individual/xserver/xorg-server-1.17.1.tar.bz2 MD5:

###### ## ## ###### ## ### ## ## ###### ## # ## ## ## ## ### ## ###### . ## ## . ######. Secure Networks Inc. Security Advisory February 24, 1997

-----BEGIN PGP SIGNED MESSAGE----- Buffer overflow in the resource handling code of the libXt (X11R6) Thu May 29, 1997 Distribution of this document is unlimited Copyright (C) Alexander O. Yuriev (alex@yuriev.com) Net Access Abstract A buffer overflow was found in the resource handling

CentOS Errata and Security Advisory 2014:0255 Moderate Upstream details at : https://rhn.redhat.com/errata/RHSA-2014-0255.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) i386: ccf0b976f7f4e4013a0fe1a7b9bec5717c823535a62d5737ea0c9fbd93b13c1e mod_dav_svn-1.6.11-12.el5_10.i386.rpm

CentOS Errata and Security Advisory 2014:0255 Moderate Upstream details at : https://rhn.redhat.com/errata/RHSA-2014-0255.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) i386: fbcfb2bcf52bf8bbe142eaf4c1ff44b4423c2d1cd9ef5f5e6c6031ac7b0bd84b mod_dav_svn-1.6.11-10.el6_5.i686.rpm

CentOS Errata and Bugfix Advisory 2020:0255 Upstream details at : https://access.redhat.com/errata/RHBA-2020:0255 The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) i386: 123572152351b684e6e916ff84a4ec8fdb161c05d05edced883d375aae38c837 poppler-0.12.4-12.el6_10.1.i686.rpm

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory CVE-2012-4544,CVE-2012-2625 / XSA-25 version 2 Xen domain builder Out-of-memory due to malicious kernel/ramdisk UPDATES IN VERSION 2 ==================== Clarify that XSA-25 is reporting, via the Xen.org security process, both CVE-2012-4544 and CVE-2012-2625. Also we would like to

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory CVE-2013-4494 / XSA-73 version 3 Lock order reversal between page allocation and grant table locks UPDATES IN VERSION 3 ==================== The issue has been assigned CVE-2013-4494. NOTE REGARDING LACK OF EMBARGO ============================== While the response to this issue

Hello! Greg MacManus, of iSIGHT Partners Labs, found a security problem in several recent versions of nginx. A stack-based buffer overflow might occur in a worker process while handling a specially crafted request, potentially resulting in arbitrary code execution (CVE-2013-2028). The problem affects nginx 1.3.9 - 1.4.0. The problem is fixed in nginx 1.5.0, 1.4.1. Patch for the problem can be

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory CVE-2012-3496 / XSA-14 version 3 XENMEM_populate_physmap DoS vulnerability UPDATES IN VERSION 3 ==================== Public release. Credit Matthew Daley. ISSUE DESCRIPTION ================= XENMEM_populate_physmap can be called with invalid flags. By calling it with

16.01.2013 18:50, Xen.org security team пишет: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Xen Security Advisory CVE-2012-6075 / XSA-41 > qemu (e1000 device driver): Buffer overflow when processing large packets > > SUMMARY AND SOURCES OF INFORMATION > ================================== > > An issue in qemu has been disclosed which we believe affects

X.Org Security Advisory: March 29, 2023 X.Org Server Overlay Window Use-After-Free ========================================== This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions. ZDI-CAN-19866/CVE-2023-1393: X.Org Server Overlay Window Use-After-Free Local Privilege Escalation Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory CVE-2013-2072 / XSA-56 version 2 Buffer overflow in xencontrol Python bindings affecting xend UPDATES IN VERSION 2 ==================== Public release. ISSUE DESCRIPTION ================= The Python bindings for the xc_vcpu_setaffinity call do not properly check their inputs. Systems

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory CVE-2013-4375 / XSA-71 version 2 qemu disk backend (qdisk) resource leak UPDATES IN VERSION 2 ==================== Public release Fix patch header corruption in xsa71-qemu-xen-unstable.patch. ISSUE DESCRIPTION ================= The qdisk PV disk backend in the

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory CVE-2013-6885 / XSA-82 version 3 Guest triggerable AMD CPU erratum may cause host hang UPDATES IN VERSION 3 ==================== Early public release. This issue was predisclosed under embargo by the Xen Project Security team, on the 27th of November. We treated the issue

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory CVE-2012-4544 / XSA-25 Xen domain builder Out-of-memory due to malicious kernel/ramdisk ISSUE DESCRIPTION ================= The Xen PV domain builder contained no validation of the size of the supplied kernel or ramdisk either before or after decompression. This could cause the toolstack to consume all available RAM

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory CVE-2012-4411 / XSA-19 version 2 guest administrator can access qemu monitor console UPDATES IN VERSION 2 ==================== We have now been issued with a CVE number. ISSUE DESCRIPTION ================= A guest administrator who is granted access to the graphical console of a Xen guest

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory CVE-2013-1917 / XSA-44 version 2 Xen PV DoS vulnerability with SYSENTER UPDATES IN VERSION 2 ==================== Public release. ISSUE DESCRIPTION ================= The SYSENTER instruction can be used by PV guests to accelerate system call processing. This

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory CVE-2013-3495 / XSA-59 version 4 Intel VT-d Interrupt Remapping engines can be evaded by native NMI interrupts UPDATES IN VERSION 4 ==================== Public release. Extensive changes to Description, Vulnerable Systems and Mitigation. Additional technical information has been