FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

xorg-server -- Security issue in the X server

Affected packages
	xephyr	<	21.1.7,1
	xorg-server	<	21.1.7,1
	xorg-vfbserver	<	21.1.7,1
	xorg-nestserver	<	21.1.7,2
	xwayland	<	22.1.8,1
	xwayland-devel	<	21.0.99.1.386

Details

VuXML ID	6cc63bf5-a727-4155-8ec4-68b626475e68
Discovery	2023-02-07
Entry	2023-02-08

The X.org project reports:

CVE-2023-0494/ZDI-CAN-19596: X.Org Server DeepCopyPointerClasses use-after-free
A dangling pointer in DeepCopyPointerClasses can be exploited by ProcXkbSetDeviceInfo() and ProcXkbGetDeviceInfo() to read/write into freed memory.

[source]

References

CVE Name	CVE-2023-0494
URL	https://lists.x.org/archives/xorg-announce/2023-February/003320.html