Package xorg-server updated to version 1.19.4-alt1 for branch sisyphus in task 190364.

Published: 2017-07-06
Modified: 2024-11-21

CVE-2017-10971

In the X.Org X server before 2017-06-19, a user authenticated to an X Session could crash or execute code in the context of the X Server by exploiting a stack overflow in the endianness conversion of X Events.

Severity: HIGH (8.8) Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2017-07-06
Modified: 2024-11-21

CVE-2017-10972

Uninitialized data in endianness conversion in the XEvent handling of the X.Org X Server before 2017-06-19 allowed authenticated malicious users to access potentially privileged data from the X server.

Severity: MEDIUM (6.5) Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

References:

Published: 2017-10-10
Modified: 2024-11-21

CVE-2017-13721

In X.Org Server (aka xserver and xorg-server) before 1.19.4, an attacker authenticated to an X server with the X shared memory extension enabled can cause aborts of the X server or replace shared memory segments of other X clients in the same session.

Severity: MEDIUM (4.7) Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

References:

Published: 2017-10-10
Modified: 2024-11-21

CVE-2017-13723

In X.Org Server (aka xserver and xorg-server) before 1.19.4, a local attacker authenticated to the X server could overflow a global buffer, causing crashes of the X server or potentially other problems by injecting large or malformed XKB related atoms and accessing them via xkbcomp.

Severity: HIGH (7.8) Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References:

Version: 2.1.0

Package xorg-server update in sisyphus on 2017-10-06

ALT-PU-2017-2383-1

Closed vulnerabilities

CVE-2017-10971

CVE-2017-10972

CVE-2017-13721

CVE-2017-13723