Описание
Security update for xorg-x11-server
This update for xorg-x11-server fixes the following issues:
- CVE-2017-10971: Fix endianess handling of GenericEvent to prevent a stack overflow by clients. (bnc#1035283)
- Make sure the type of all events to be sent by ProcXSendExtensionEvent are in the allowed range.
- CVE-2017-10972: Initialize the xEvent eventT with zeros to avoid information leakage.
- Improve retrieval of entropy for generating random authentication cookies (boo#1025084)
Список пакетов
openSUSE Leap 42.2
xorg-x11-server-7.6_1.18.3-12.20.1
xorg-x11-server-extra-7.6_1.18.3-12.20.1
xorg-x11-server-sdk-7.6_1.18.3-12.20.1
xorg-x11-server-source-7.6_1.18.3-12.20.1
Ссылки
- E-Mail link for openSUSE-SU-2017:1885-1
- SUSE Security Ratings
Описание
In the X.Org X server before 2017-06-19, a user authenticated to an X Session could crash or execute code in the context of the X Server by exploiting a stack overflow in the endianness conversion of X Events.
Затронутые продукты
openSUSE Leap 42.2:xorg-x11-server-7.6_1.18.3-12.20.1
openSUSE Leap 42.2:xorg-x11-server-extra-7.6_1.18.3-12.20.1
openSUSE Leap 42.2:xorg-x11-server-sdk-7.6_1.18.3-12.20.1
openSUSE Leap 42.2:xorg-x11-server-source-7.6_1.18.3-12.20.1
Ссылки
- CVE-2017-10971
- SUSE Bug 1035283
- SUSE Bug 1047730
Описание
Uninitialized data in endianness conversion in the XEvent handling of the X.Org X Server before 2017-06-19 allowed authenticated malicious users to access potentially privileged data from the X server.
Затронутые продукты
openSUSE Leap 42.2:xorg-x11-server-7.6_1.18.3-12.20.1
openSUSE Leap 42.2:xorg-x11-server-extra-7.6_1.18.3-12.20.1
openSUSE Leap 42.2:xorg-x11-server-sdk-7.6_1.18.3-12.20.1
openSUSE Leap 42.2:xorg-x11-server-source-7.6_1.18.3-12.20.1
Ссылки
- CVE-2017-10972
- SUSE Bug 1035283
- SUSE Bug 1047730