Univention Bugzilla – Bug 44973
xorg-server: Multiple issues (4.2)
Last modified: 2018-05-09 14:46:41 CEST
Upstream Debian package version 2:1.16.4-1+deb8u1 fixes:
* In the X.Org X server before 2017-06-19, a user authenticated to an X Session could crash or execute code in the context of the X Server by exploiting a stack overflow in the endianness conversion of X Events. (CVE-2017-10971)
* Uninitialized data in endianness conversion in the XEvent handling of the X.Org X Server before 2017-06-19 allowed authenticated malicious users to access potentially privileged data from the X server. (CVE-2017-10972)

Upstream Debian package version 2:1.16.4-1+deb8u2 fixes:
* Unvalidated extra length in ProcEstablishConnection (CVE-2017-12176)
* dbe: Unvalidated variable-length request in ProcDbeGetVisualInfo (CVE-2017-12177)
* Xi: fix wrong extra length check in ProcXIChangeHierarchy (CVE-2017-12178)
* Xi: integer overflow and unvalidated length in (S)ProcXIBarrierReleasePointer (CVE-2017-12179)
* hw/xfree86: unvalidated lengths (CVE-2017-12180)
* hw/xfree86: unvalidated lengths (CVE-2017-12181)
* hw/xfree86: unvalidated lengths (CVE-2017-12182)
* xfixes: unvalidated lengths (CVE-2017-12183)
* Unvalidated lengths (CVE-2017-12184 CVE-2017-12185 CVE-2017-12186 CVE-2017-12187)
* In X.Org Server (aka xserver and xorg-server) before 1.19.4, an attacker authenticated to an X server with the X shared memory extension enabled can cause aborts of the X server or replace shared memory segments of other X clients in the same session. (CVE-2017-13721)
* In X.Org Server (aka xserver and xorg-server) before 1.19.4, a local attacker authenticated to the X server could overflow a global buffer, causing crashes of the X server or potentially other problems by injecting large or malformed XKB related atoms and accessing them via xkbcomp. (CVE-2017-13723)
Mass-import from Debian-Security:
  python -m univention.repong.^Cbmirror -s jessie -r 4.2-3 --override=$HOME/REPOS/repo-ng/mirror/update_ucs42_mirror_from_debian.yml --errata=doc/errata --sql --process=ALL -vvvv --now=201801211553
YAML: git:bd6159834a..449aa5a7cf
--- mirror/ftp/4.2/unmaintained/4.2-0/source/xorg-server_1.16.4-1.dsc +++ apt/ucs_4.2-0-errata4.2-3/source/xorg-server_1.16.4-1+deb8u2.dsc @@ -1,3 +1,33 @@ +2:1.16.4-1+deb8u2 [Sat, 14 Oct 2017 12:35:36 +0200] Julien Cristau <jcristau@debian.org>: + + * render: Fix out of boundary heap access + * Xext/shm: Validate shmseg resource id (CVE-2017-13721) + * xkb: Escape non-printable characters correctly. + * xkb: Handle xkb formated string output safely (CVE-2017-13723) + * os: Make sure big requests have sufficient length. + * Unvalidated lengths in + - XFree86-VidModeExtension (CVE-2017-12180) + - XFree86-DGA (CVE-2017-12181) + - XFree86-DRI (CVE-2017-12182) + - XFIXES (CVE-2017-12183) + - XINERAMA (CVE-2017-12184) + - MIT-SCREEN-SAVER (CVE-2017-12185) + - X-Resource (CVE-2017-12186) + - RENDER (CVE-2017-12187) + * Xi: Test exact size of XIBarrierReleasePointer + * Xi: integer overflow and unvalidated length in + (S)ProcXIBarrierReleasePointer (CVE-2017-12179) + * Xi: Silence some tautological warnings + * Xi: fix wrong extra length check in ProcXIChangeHierarchy (CVE-2017-12178) + * dbe: Unvalidated variable-length request in ProcDbeGetVisualInfo (CVE-2017-12177) + * Unvalidated extra length in ProcEstablishConnection (CVE-2017-12176) + * Use timingsafe_memcmp() to compare MIT-MAGIC-COOKIES (CVE-2017-2624) + * Xwayland: enable access control and default to just the local user (CVE-2015-3164) + +2:1.16.4-1+deb8u1 [Thu, 06 Jul 2017 22:34:31 +0200] Moritz Mühlenhoff <jmm@debian.org>: + + * CVE-2017-10971 CVE-2017-10972 + 2:1.16.4-1 [Wed, 11 Feb 2015 01:26:07 +0100] Julien Cristau <jcristau@debian.org>: * New upstream release
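Review bot: In the added 2:1.16.4-1+deb8u2 changelog entry, the last two items, CVE-2017-2624 (timingsafe_memcmp() for MIT-MAGIC-COOKIES) and CVE-2015-3164 (Xwayland access control), do not appear in the deb8u2 fix list given in this bug's description, and "render: Fix out of boundary heap access" carries no CVE id. Suggest adding the two CVEs to the description and the advisory so the errata CVE list matches the changelog, or stating why they are left out. The deb8u1 entry gives only "CVE-2017-10971 CVE-2017-10972" with no summary, so the description remains the only place where those two fixes are explained.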
* No UCS specific patches
* Comparison to previously shipped version ok
* Binary package update Ok
* Advisory adjusted: 95ac67164e | Sort CVEs
<http://errata.software-univention.de/ucs/4.2/418.html>