[Secure-testing-team] Bug#867492: xorg-server: CVE-2017-10971 CVE-2017-10972
Salvatore Bonaccorso
carnil at debian.org
Thu Jul 6 20:38:42 UTC 2017
Source: xorg-server
Version: 2:1.16.4-1
Severity: grave
Tags: upstream patch security
Justification: user security hole
Hi,
the following vulnerabilities were published for xorg-server, filling
the bug to track it int the BTS.
CVE-2017-10971[0]:
| In the X.Org X server before 2017-06-19, a user authenticated to an X
| Session could crash or execute code in the context of the X Server by
| exploiting a stack overflow in the endianness conversion of X Events.
CVE-2017-10972[1]:
| Uninitialized data in endianness conversion in the XEvent handling of
| the X.Org X Server before 2017-06-19 allowed authenticated malicious
| users to access potentially privileged data from the X server.
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2017-10971
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10971
[1] https://security-tracker.debian.org/tracker/CVE-2017-10972
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10972
[2] https://bugzilla.suse.com/show_bug.cgi?id=1035283
Could you please check back with team at s.d.o if those warrant a DSA.
Regards,
Salvatore
More information about the Secure-testing-team
mailing list