Description
Security update for xorg-x11-server
This update for xorg-x11-server fixes the following vulnerabilities:
- CVE-2017-12176: Unvalidated extra length in ProcEstablishConnection (bsc#1063041)
- CVE-2017-12177: dbe: Unvalidated variable-length request in ProcDbeGetVisualInfo (bsc#1063040)
- CVE-2017-12178: Xi: fix wrong extra length check in ProcXIChangeHierarchy (bsc#1063039)
- CVE-2017-12179: Xi: integer overflow and unvalidated length in (S)ProcXIBarrierReleasePointer (bsc#1063038)
- CVE-2017-12180, CVE-2017-12181, CVE-2017-12182: Unvalidated lengths in XFree86-VidMode/XFree86-DGA/XFree86-DRI extension (bsc#1063037)
- CVE-2017-12183: Unvalidated lengths in XFIXES extension (bsc#1063035)
- CVE-2017-12184, CVE-2017-12185, CVE-2017-12186, CVE-2017-12187: Unvalidated lengths in multiple extensions (bsc#1063034)
Package list
openSUSE Leap 42.2
openSUSE Leap 42.3
References
- E-Mail link for openSUSE-SU-2017:2823-1
- SUSE Security Ratings
Description
xorg-x11-server before 1.19.5 was missing extra length validation in the ProcEstablishConnection function, allowing a malicious X client to cause the X server to crash or possibly execute arbitrary code.
Affected products
References
- CVE-2017-12176
- SUSE Bug 1063041
Description
xorg-x11-server before 1.19.5 was vulnerable to an integer overflow in the ProcDbeGetVisualInfo function, allowing a malicious X client to cause the X server to crash or possibly execute arbitrary code.
Affected products
References
- CVE-2017-12177
- SUSE Bug 1063040
Description
xorg-x11-server before 1.19.5 had a wrong extra length check in the ProcXIChangeHierarchy function, allowing a malicious X client to cause the X server to crash or possibly execute arbitrary code.
Affected products
References
- CVE-2017-12178
- SUSE Bug 1063039
Description
xorg-x11-server before 1.19.5 was vulnerable to an integer overflow in the (S)ProcXIBarrierReleasePointer functions, allowing a malicious X client to cause the X server to crash or possibly execute arbitrary code.
Affected products
References
- CVE-2017-12179
- SUSE Bug 1063038
Description
xorg-x11-server before 1.19.5 was missing length validation in the XFree86 VidModeExtension, allowing a malicious X client to cause the X server to crash or possibly execute arbitrary code.
Affected products
References
- CVE-2017-12180
- SUSE Bug 1063037
Description
xorg-x11-server before 1.19.5 was missing length validation in the XFree86 DGA extension, allowing a malicious X client to cause the X server to crash or possibly execute arbitrary code.
Affected products
References
- CVE-2017-12181
- SUSE Bug 1063037
Description
xorg-x11-server before 1.19.5 was missing length validation in the XFree86 DRI extension, allowing a malicious X client to cause the X server to crash or possibly execute arbitrary code.
Affected products
References
- CVE-2017-12182
- SUSE Bug 1063037
Description
xorg-x11-server before 1.19.5 was missing length validation in the XFIXES extension, allowing a malicious X client to cause the X server to crash or possibly execute arbitrary code.
Affected products
References
- CVE-2017-12183
- SUSE Bug 1063035
Description
xorg-x11-server before 1.19.5 was missing length validation in the XINERAMA extension, allowing a malicious X client to cause the X server to crash or possibly execute arbitrary code.
Affected products
References
- CVE-2017-12184
- SUSE Bug 1063034
Description
xorg-x11-server before 1.19.5 was missing length validation in the MIT-SCREEN-SAVER extension, allowing a malicious X client to cause the X server to crash or possibly execute arbitrary code.
Affected products
References
- CVE-2017-12185
- SUSE Bug 1063034
Description
xorg-x11-server before 1.19.5 was missing length validation in the X-Resource extension, allowing a malicious X client to cause the X server to crash or possibly execute arbitrary code.
Affected products
References
- CVE-2017-12186
- SUSE Bug 1063034
Description
xorg-x11-server before 1.19.5 was missing length validation in the RENDER extension, allowing a malicious X client to cause the X server to crash or possibly execute arbitrary code.
Affected products
References
- CVE-2017-12187
- SUSE Bug 1063034