Описание
Security update for xorg-x11-server
This update for xorg-x11-server provides the following fixes:
- CVE-2017-10971: Fix endianess handling of GenericEvent to prevent a stack overflow by clients. (bnc#1035283)
- Make sure the type of all events to be sent by ProcXSendExtensionEvent are in the allowed range.
- CVE-2017-10972: Initialize the xEvent eventT with zeros to avoid information leakage.
Список пакетов
SUSE Linux Enterprise Server 12 SP1-LTSS
xorg-x11-server-7.6_1.15.2-53.3.1
xorg-x11-server-extra-7.6_1.15.2-53.3.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1
xorg-x11-server-7.6_1.15.2-53.3.1
xorg-x11-server-extra-7.6_1.15.2-53.3.1
SUSE OpenStack Cloud 6
xorg-x11-server-7.6_1.15.2-53.3.1
xorg-x11-server-extra-7.6_1.15.2-53.3.1
Ссылки
- Link for SUSE-SU-2017:1859-1
- E-Mail link for SUSE-SU-2017:1859-1
- SUSE Security Ratings
- SUSE Bug 1035283
- SUSE CVE CVE-2017-10971 page
- SUSE CVE CVE-2017-10972 page
Описание
In the X.Org X server before 2017-06-19, a user authenticated to an X Session could crash or execute code in the context of the X Server by exploiting a stack overflow in the endianness conversion of X Events.
Затронутые продукты
SUSE Linux Enterprise Server 12 SP1-LTSS:xorg-x11-server-7.6_1.15.2-53.3.1
SUSE Linux Enterprise Server 12 SP1-LTSS:xorg-x11-server-extra-7.6_1.15.2-53.3.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1:xorg-x11-server-7.6_1.15.2-53.3.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1:xorg-x11-server-extra-7.6_1.15.2-53.3.1
Ссылки
- CVE-2017-10971
- SUSE Bug 1035283
- SUSE Bug 1047730
Описание
Uninitialized data in endianness conversion in the XEvent handling of the X.Org X Server before 2017-06-19 allowed authenticated malicious users to access potentially privileged data from the X server.
Затронутые продукты
SUSE Linux Enterprise Server 12 SP1-LTSS:xorg-x11-server-7.6_1.15.2-53.3.1
SUSE Linux Enterprise Server 12 SP1-LTSS:xorg-x11-server-extra-7.6_1.15.2-53.3.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1:xorg-x11-server-7.6_1.15.2-53.3.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1:xorg-x11-server-extra-7.6_1.15.2-53.3.1
Ссылки
- CVE-2017-10972
- SUSE Bug 1035283
- SUSE Bug 1047730