SUSE-SU-2017:3025-1: moderate: Security update for xorg-x11-server

sle-updates at lists.suse.com sle-updates at lists.suse.com
Thu Nov 16 10:09:12 MST 2017


   SUSE Security Update: Security update for xorg-x11-server
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:3025-1
Rating:             moderate
References:         #1025084 #1051150 #1063034 #1063035 #1063037 
                    #1063038 #1063039 #1063040 #1063041 
Cross-References:   CVE-2017-12176 CVE-2017-12177 CVE-2017-12178
                    CVE-2017-12179 CVE-2017-12180 CVE-2017-12181
                    CVE-2017-12182 CVE-2017-12183 CVE-2017-12184
                    CVE-2017-12185 CVE-2017-12186 CVE-2017-12187
                    CVE-2017-13723
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11-SP4
                    SUSE Linux Enterprise Server 11-SP4
                    SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

   An update that fixes 13 vulnerabilities is now available.

Description:

   This update for xorg-x11-server provides several fixes.

   These security issues were fixed:

   - CVE-2017-13723: Prevent local DoS via unusual characters in XkbAtomText
     and XkbStringText (bsc#1051150).
   - Improve the entropy when generating random data used in X.org server
     authorization cookies generation by using getentropy() and getrandom()
     when available (bsc#1025084)
   - CVE-2017-12184,CVE-2017-12185,CVE-2017-12186,CVE-2017-12187: Fixed
     unvalidated lengths in multiple extensions (bsc#1063034)
   - CVE-2017-12183: Fixed some unvalidated lengths in the XFIXES extension.
     (bsc#1063035)
   - CVE-2017-12180,CVE-2017-12181,CVE-2017-12182: Fixed various unvalidated
     lengths in the XFree86-VidMode/XFree86-DGA/XFree86-DRI extensions
     (bsc#1063037)
   - CVE-2017-12179: Fixed an integer overflow and unvalidated length in
     (S)ProcXIBarrierReleasePointer in Xi (bsc#1063038)
   - CVE-2017-12178: Fixed a wrong extra length check in
     ProcXIChangeHierarchy in Xi (bsc#1063039)
   - CVE-2017-12177: Fixed an unvalidated variable-length request in
     ProcDbeGetVisualInfo (bsc#1063040)
   - CVE-2017-12176: Fixed an unvalidated extra length in
     ProcEstablishConnection (bsc#1063041)


Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11-SP4:

      zypper in -t patch sdksp4-xorg-x11-server-13345=1

   - SUSE Linux Enterprise Server 11-SP4:

      zypper in -t patch slessp4-xorg-x11-server-13345=1

   - SUSE Linux Enterprise Debuginfo 11-SP4:

      zypper in -t patch dbgsp4-xorg-x11-server-13345=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      xorg-x11-server-sdk-7.4-27.122.16.1

   - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      xorg-x11-Xvnc-7.4-27.122.16.1
      xorg-x11-server-7.4-27.122.16.1
      xorg-x11-server-extra-7.4-27.122.16.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      xorg-x11-server-debuginfo-7.4-27.122.16.1
      xorg-x11-server-debugsource-7.4-27.122.16.1


References:

   https://www.suse.com/security/cve/CVE-2017-12176.html
   https://www.suse.com/security/cve/CVE-2017-12177.html
   https://www.suse.com/security/cve/CVE-2017-12178.html
   https://www.suse.com/security/cve/CVE-2017-12179.html
   https://www.suse.com/security/cve/CVE-2017-12180.html
   https://www.suse.com/security/cve/CVE-2017-12181.html
   https://www.suse.com/security/cve/CVE-2017-12182.html
   https://www.suse.com/security/cve/CVE-2017-12183.html
   https://www.suse.com/security/cve/CVE-2017-12184.html
   https://www.suse.com/security/cve/CVE-2017-12185.html
   https://www.suse.com/security/cve/CVE-2017-12186.html
   https://www.suse.com/security/cve/CVE-2017-12187.html
   https://www.suse.com/security/cve/CVE-2017-13723.html
   https://bugzilla.suse.com/1025084
   https://bugzilla.suse.com/1051150
   https://bugzilla.suse.com/1063034
   https://bugzilla.suse.com/1063035
   https://bugzilla.suse.com/1063037
   https://bugzilla.suse.com/1063038
   https://bugzilla.suse.com/1063039
   https://bugzilla.suse.com/1063040
   https://bugzilla.suse.com/1063041



More information about the sle-updates mailing list