SUSE-SU-2017:3025-1: moderate: Security update for xorg-x11-server

sle-security-updates at sle-security-updates at
Thu Nov 16 10:09:12 MST 2017

   SUSE Security Update: Security update for xorg-x11-server

Announcement ID:    SUSE-SU-2017:3025-1
Rating:             moderate
References:         #1025084 #1051150 #1063034 #1063035 #1063037 
                    #1063038 #1063039 #1063040 #1063041 
Cross-References:   CVE-2017-12176 CVE-2017-12177 CVE-2017-12178
                    CVE-2017-12179 CVE-2017-12180 CVE-2017-12181
                    CVE-2017-12182 CVE-2017-12183 CVE-2017-12184
                    CVE-2017-12185 CVE-2017-12186 CVE-2017-12187
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11-SP4
                    SUSE Linux Enterprise Server 11-SP4
                    SUSE Linux Enterprise Debuginfo 11-SP4

   An update that fixes 13 vulnerabilities is now available.


   This update for xorg-x11-server provides several fixes.

   These security issues were fixed:

   - CVE-2017-13723: Prevent local DoS via unusual characters in XkbAtomText
     and XkbStringText (bsc#1051150).
   - Improve the entropy when generating random data used in server
     authorization cookies generation by using getentropy() and getrandom()
     when available (bsc#1025084)
   - CVE-2017-12184,CVE-2017-12185,CVE-2017-12186,CVE-2017-12187: Fixed
     unvalidated lengths in multiple extensions (bsc#1063034)
   - CVE-2017-12183: Fixed some unvalidated lengths in the XFIXES extension.
   - CVE-2017-12180,CVE-2017-12181,CVE-2017-12182: Fixed various unvalidated
     lengths in the XFree86-VidMode/XFree86-DGA/XFree86-DRI extensions
   - CVE-2017-12179: Fixed an integer overflow and unvalidated length in
     (S)ProcXIBarrierReleasePointer in Xi (bsc#1063038)
   - CVE-2017-12178: Fixed a wrong extra length check in
     ProcXIChangeHierarchy in Xi (bsc#1063039)
   - CVE-2017-12177: Fixed an unvalidated variable-length request in
     ProcDbeGetVisualInfo (bsc#1063040)
   - CVE-2017-12176: Fixed an unvalidated extra length in
     ProcEstablishConnection (bsc#1063041)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11-SP4:

      zypper in -t patch sdksp4-xorg-x11-server-13345=1

   - SUSE Linux Enterprise Server 11-SP4:

      zypper in -t patch slessp4-xorg-x11-server-13345=1

   - SUSE Linux Enterprise Debuginfo 11-SP4:

      zypper in -t patch dbgsp4-xorg-x11-server-13345=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):


   - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):


   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):



More information about the sle-security-updates mailing list