Описание
Security update for xorg-x11-server
This update for xorg-x11-server provides the following fixes:
- CVE-2017-10971: Fix endianess handling of GenericEvent to prevent a stack overflow by clients. (bnc#1035283)
- Make sure the type of all events to be sent by ProcXSendExtensionEvent are in the allowed range.
- CVE-2017-10972: Initialize the xEvent eventT with zeros to avoid information leakage.
Список пакетов
SUSE Linux Enterprise Desktop 12 SP2
xorg-x11-server-7.6_1.18.3-74.2
xorg-x11-server-extra-7.6_1.18.3-74.2
SUSE Linux Enterprise Server 12 SP2
xorg-x11-server-7.6_1.18.3-74.2
xorg-x11-server-extra-7.6_1.18.3-74.2
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
xorg-x11-server-7.6_1.18.3-74.2
xorg-x11-server-extra-7.6_1.18.3-74.2
SUSE Linux Enterprise Server for SAP Applications 12 SP2
xorg-x11-server-7.6_1.18.3-74.2
xorg-x11-server-extra-7.6_1.18.3-74.2
SUSE Linux Enterprise Software Development Kit 12 SP2
xorg-x11-server-sdk-7.6_1.18.3-74.2
Ссылки
- Link for SUSE-SU-2017:1860-1
- E-Mail link for SUSE-SU-2017:1860-1
- SUSE Security Ratings
- SUSE Bug 1035283
- SUSE CVE CVE-2017-10971 page
- SUSE CVE CVE-2017-10972 page
Описание
In the X.Org X server before 2017-06-19, a user authenticated to an X Session could crash or execute code in the context of the X Server by exploiting a stack overflow in the endianness conversion of X Events.
Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP2:xorg-x11-server-7.6_1.18.3-74.2
SUSE Linux Enterprise Desktop 12 SP2:xorg-x11-server-extra-7.6_1.18.3-74.2
SUSE Linux Enterprise Server 12 SP2:xorg-x11-server-7.6_1.18.3-74.2
SUSE Linux Enterprise Server 12 SP2:xorg-x11-server-extra-7.6_1.18.3-74.2
Ссылки
- CVE-2017-10971
- SUSE Bug 1035283
- SUSE Bug 1047730
Описание
Uninitialized data in endianness conversion in the XEvent handling of the X.Org X Server before 2017-06-19 allowed authenticated malicious users to access potentially privileged data from the X server.
Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP2:xorg-x11-server-7.6_1.18.3-74.2
SUSE Linux Enterprise Desktop 12 SP2:xorg-x11-server-extra-7.6_1.18.3-74.2
SUSE Linux Enterprise Server 12 SP2:xorg-x11-server-7.6_1.18.3-74.2
SUSE Linux Enterprise Server 12 SP2:xorg-x11-server-extra-7.6_1.18.3-74.2
Ссылки
- CVE-2017-10972
- SUSE Bug 1035283
- SUSE Bug 1047730