Описание
Security update for xorg-x11-server
This update for xorg-x11-server fixes the following issues:
- CVE-2017-10971: Fix endianess handling of GenericEvent to prevent a stack overflow by clients. (bnc#1035283)
- Make sure the type of all events to be sent by ProcXSendExtensionEvent are in the allowed range.
- CVE-2017-10972: Initialize the xEvent eventT with zeros to avoid information leakage.
Список пакетов
SUSE Linux Enterprise Point of Sale 11 SP3
xorg-x11-Xvnc-7.4-27.121.2
xorg-x11-server-7.4-27.121.2
xorg-x11-server-extra-7.4-27.121.2
SUSE Linux Enterprise Server 11 SP3-LTSS
xorg-x11-Xvnc-7.4-27.121.2
xorg-x11-server-7.4-27.121.2
xorg-x11-server-extra-7.4-27.121.2
SUSE Linux Enterprise Server 11 SP3-TERADATA
xorg-x11-Xvnc-7.4-27.121.2
xorg-x11-server-7.4-27.121.2
xorg-x11-server-extra-7.4-27.121.2
SUSE Linux Enterprise Server 11 SP4
xorg-x11-Xvnc-7.4-27.121.2
xorg-x11-server-7.4-27.121.2
xorg-x11-server-extra-7.4-27.121.2
SUSE Linux Enterprise Server for SAP Applications 11 SP4
xorg-x11-Xvnc-7.4-27.121.2
xorg-x11-server-7.4-27.121.2
xorg-x11-server-extra-7.4-27.121.2
SUSE Linux Enterprise Software Development Kit 11 SP4
xorg-x11-server-sdk-7.4-27.121.2
Ссылки
- Link for SUSE-SU-2017:1850-1
- E-Mail link for SUSE-SU-2017:1850-1
- SUSE Security Ratings
- SUSE Bug 1035283
- SUSE CVE CVE-2017-10971 page
- SUSE CVE CVE-2017-10972 page
Описание
In the X.Org X server before 2017-06-19, a user authenticated to an X Session could crash or execute code in the context of the X Server by exploiting a stack overflow in the endianness conversion of X Events.
Затронутые продукты
SUSE Linux Enterprise Point of Sale 11 SP3:xorg-x11-Xvnc-7.4-27.121.2
SUSE Linux Enterprise Point of Sale 11 SP3:xorg-x11-server-7.4-27.121.2
SUSE Linux Enterprise Point of Sale 11 SP3:xorg-x11-server-extra-7.4-27.121.2
SUSE Linux Enterprise Server 11 SP3-LTSS:xorg-x11-Xvnc-7.4-27.121.2
Ссылки
- CVE-2017-10971
- SUSE Bug 1035283
- SUSE Bug 1047730
Описание
Uninitialized data in endianness conversion in the XEvent handling of the X.Org X Server before 2017-06-19 allowed authenticated malicious users to access potentially privileged data from the X server.
Затронутые продукты
SUSE Linux Enterprise Point of Sale 11 SP3:xorg-x11-Xvnc-7.4-27.121.2
SUSE Linux Enterprise Point of Sale 11 SP3:xorg-x11-server-7.4-27.121.2
SUSE Linux Enterprise Point of Sale 11 SP3:xorg-x11-server-extra-7.4-27.121.2
SUSE Linux Enterprise Server 11 SP3-LTSS:xorg-x11-Xvnc-7.4-27.121.2
Ссылки
- CVE-2017-10972
- SUSE Bug 1035283
- SUSE Bug 1047730