Login
Newsletter
Werbung

Sicherheit: Zwei Probleme in X11
Aktuelle Meldungen Distributionen
Name: Zwei Probleme in X11
ID: SSA:2017-227-01
Distribution: Slackware
Plattformen: Slackware -current, Slackware 13.0, Slackware x86_64 13.0, Slackware x86_64 -current, Slackware x86_64 13.1, Slackware 13.1, Slackware x86_64 13.37, Slackware 13.37, Slackware 14.0, Slackware x86_64 14.0, Slackware 14.1, Slackware x86_64 14.1, Slackware 14.2, Slackware x86_64 14.2
Datum: Mi, 16. August 2017, 07:12
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10972
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10971
Applikationen: X11

Originalnachricht


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] xorg-server (SSA:2017-227-01)

New xorg-server packages are available for Slackware 13.0, 13.1, 13.37, 14.0,
14.1, 14.2, and -current to fix security issues.


Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/xorg-server-1.18.3-i586-3_slack14.2.txz: Rebuilt.
This update fixes two security issues:
A user authenticated to an X Session could crash or execute code in the
context of the X Server by exploiting a stack overflow in the endianness
conversion of X Events.
Uninitialized data in endianness conversion in the XEvent handling of the
X.Org X Server allowed authenticated malicious users to access potentially
privileged data from the X server.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10971
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10972
(* Security fix *)
patches/packages/xorg-server-xephyr-1.18.3-i586-3_slack14.2.txz: Rebuilt.
patches/packages/xorg-server-xnest-1.18.3-i586-3_slack14.2.txz: Rebuilt.
patches/packages/xorg-server-xvfb-1.18.3-i586-3_slack14.2.txz: Rebuilt.
+--------------------------+


Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated packages for Slackware 13.0:
xorg-server-1.6.3-i486-4_slack13.0.txz
xorg-server-xephyr-1.6.3-i486-4_slack13.0.txz
xorg-server-xnest-1.6.3-i486-4_slack13.0.txz
xorg-server-xvfb-1.6.3-i486-4_slack13.0.txz

Updated packages for Slackware x86_64 13.0:
xorg-server-1.6.3-x86_64-4_slack13.0.txz
xorg-server-xephyr-1.6.3-x86_64-4_slack13.0.txz
xorg-server-xnest-1.6.3-x86_64-4_slack13.0.txz
xorg-server-xvfb-1.6.3-x86_64-4_slack13.0.txz

Updated packages for Slackware 13.1:
xorg-server-1.7.7-i486-4_slack13.1.txz
xorg-server-xephyr-1.7.7-i486-4_slack13.1.txz
xorg-server-xnest-1.7.7-i486-4_slack13.1.txz
xorg-server-xvfb-1.7.7-i486-4_slack13.1.txz

Updated packages for Slackware x86_64 13.1:
xorg-server-1.7.7-x86_64-4_slack13.1.txz
xorg-server-xephyr-1.7.7-x86_64-4_slack13.1.txz
xorg-server-xnest-1.7.7-x86_64-4_slack13.1.txz
xorg-server-xvfb-1.7.7-x86_64-4_slack13.1.txz

Updated packages for Slackware 13.37:
xorg-server-1.9.5-i486-4_slack13.37.txz
xorg-server-xephyr-1.9.5-i486-4_slack13.37.txz
xorg-server-xnest-1.9.5-i486-4_slack13.37.txz
xorg-server-xvfb-1.9.5-i486-4_slack13.37.txz

Updated packages for Slackware x86_64 13.37:
xorg-server-1.9.5-x86_64-4_slack13.37.txz
xorg-server-xephyr-1.9.5-x86_64-4_slack13.37.txz
xorg-server-xnest-1.9.5-x86_64-4_slack13.37.txz
xorg-server-xvfb-1.9.5-x86_64-4_slack13.37.txz

Updated packages for Slackware 14.0:
xorg-server-1.12.4-i486-3_slack14.0.txz
xorg-server-xephyr-1.12.4-i486-3_slack14.0.txz
xorg-server-xnest-1.12.4-i486-3_slack14.0.txz
xorg-server-xvfb-1.12.4-i486-3_slack14.0.txz

Updated packages for Slackware x86_64 14.0:
xorg-server-1.12.4-x86_64-3_slack14.0.txz
xorg-server-xephyr-1.12.4-x86_64-3_slack14.0.txz
xorg-server-xnest-1.12.4-x86_64-3_slack14.0.txz
xorg-server-xvfb-1.12.4-x86_64-3_slack14.0.txz

Updated packages for Slackware 14.1:
xorg-server-1.14.3-i486-4_slack14.1.txz
xorg-server-xephyr-1.14.3-i486-4_slack14.1.txz
xorg-server-xnest-1.14.3-i486-4_slack14.1.txz
xorg-server-xvfb-1.14.3-i486-4_slack14.1.txz

Updated packages for Slackware x86_64 14.1:
xorg-server-1.14.3-x86_64-4_slack14.1.txz
xorg-server-xephyr-1.14.3-x86_64-4_slack14.1.txz
xorg-server-xnest-1.14.3-x86_64-4_slack14.1.txz
xorg-server-xvfb-1.14.3-x86_64-4_slack14.1.txz

Updated packages for Slackware 14.2:
xorg-server-1.18.3-i586-3_slack14.2.txz
xorg-server-xephyr-1.18.3-i586-3_slack14.2.txz
xorg-server-xnest-1.18.3-i586-3_slack14.2.txz
xorg-server-xvfb-1.18.3-i586-3_slack14.2.txz

Updated packages for Slackware x86_64 14.2:
xorg-server-1.18.3-x86_64-3_slack14.2.txz
xorg-server-xephyr-1.18.3-x86_64-3_slack14.2.txz
xorg-server-xnest-1.18.3-x86_64-3_slack14.2.txz
xorg-server-xvfb-1.18.3-x86_64-3_slack14.2.txz

Updated packages for Slackware -current:
xorg-server-1.19.3-i586-2.txz
xorg-server-xephyr-1.19.3-i586-2.txz
xorg-server-xnest-1.19.3-i586-2.txz
xorg-server-xvfb-1.19.3-i586-2.txz

Updated packages for Slackware x86_64 -current:
xorg-server-1.19.3-x86_64-2.txz
xorg-server-xephyr-1.19.3-x86_64-2.txz
xorg-server-xnest-1.19.3-x86_64-2.txz
xorg-server-xvfb-1.19.3-x86_64-2.txz


MD5 signatures:
+-------------+

Slackware 13.0 packages:
86275ce224cc6b605cd48e265f7b3431 xorg-server-1.6.3-i486-4_slack13.0.txz
09e08405768eaf3c7d9fa7483e3645ec xorg-server-xephyr-1.6.3-i486-4_slack13.0.txz
000e88cd1d2a651a2469151b6f6792cd xorg-server-xnest-1.6.3-i486-4_slack13.0.txz
ead15ed6cd55bd4b3d66dcf55902f156 xorg-server-xvfb-1.6.3-i486-4_slack13.0.txz

Slackware x86_64 13.0 packages:
aaba854c38f7059a9c5f4811fc87356b xorg-server-1.6.3-x86_64-4_slack13.0.txz
09c25303eb9d9ca066fc2a26d617ed22
xorg-server-xephyr-1.6.3-x86_64-4_slack13.0.txz
37a856e4f5642946a1ecbeebf5f5df46
xorg-server-xnest-1.6.3-x86_64-4_slack13.0.txz
9368c95fa1271c2bac3ea25539d005f3 xorg-server-xvfb-1.6.3-x86_64-4_slack13.0.txz

Slackware 13.1 packages:
c892f89f02f7561fed97f7358cd4c956 xorg-server-1.7.7-i486-4_slack13.1.txz
f8dc5a4d3fd03ceb5f7453c1fc90b9bd xorg-server-xephyr-1.7.7-i486-4_slack13.1.txz
029ab43b662196f6d051332343275ad4 xorg-server-xnest-1.7.7-i486-4_slack13.1.txz
c06a34fa65acff4801d9cc0de19a47a8 xorg-server-xvfb-1.7.7-i486-4_slack13.1.txz

Slackware x86_64 13.1 packages:
c6b1665a39ad87e0e092c3210d159b34 xorg-server-1.7.7-x86_64-4_slack13.1.txz
755050374c936ced68848097fbacaf44
xorg-server-xephyr-1.7.7-x86_64-4_slack13.1.txz
348eab0e16fdbf55730e5e052849e399
xorg-server-xnest-1.7.7-x86_64-4_slack13.1.txz
e478efdc4209d9cb056fce65cf9d7b27 xorg-server-xvfb-1.7.7-x86_64-4_slack13.1.txz

Slackware 13.37 packages:
7d74fae08b08419ecb8d103c45620321 xorg-server-1.9.5-i486-4_slack13.37.txz
76e400a6b2cc65d5f2366da70644c5fb
xorg-server-xephyr-1.9.5-i486-4_slack13.37.txz
80b0fe9ed222ad834a17b69e17ba91a9 xorg-server-xnest-1.9.5-i486-4_slack13.37.txz
bd65bda294e5d883a395afa51ab9b754 xorg-server-xvfb-1.9.5-i486-4_slack13.37.txz

Slackware x86_64 13.37 packages:
e331047bb1428f32cc38d2f1e28f71b4 xorg-server-1.9.5-x86_64-4_slack13.37.txz
961812b1733ed1ac152b6e6ab8c66499
xorg-server-xephyr-1.9.5-x86_64-4_slack13.37.txz
ab7433d9233f843c6bbccd4f00e3cdde
xorg-server-xnest-1.9.5-x86_64-4_slack13.37.txz
a754270b3a41beed70c8dfc6c69d3970
xorg-server-xvfb-1.9.5-x86_64-4_slack13.37.txz

Slackware 14.0 packages:
61be1d15444a5f7c44cc3eb85269ccd9 xorg-server-1.12.4-i486-3_slack14.0.txz
ab80d7a22de7606800cf6569d4695d5b
xorg-server-xephyr-1.12.4-i486-3_slack14.0.txz
58e97ad8e541731e7cd4ff21d8fa0522 xorg-server-xnest-1.12.4-i486-3_slack14.0.txz
a238fd09707afc39d8ce49386b359fc9 xorg-server-xvfb-1.12.4-i486-3_slack14.0.txz

Slackware x86_64 14.0 packages:
fa2ebac60bf90265a9b68259e563c329 xorg-server-1.12.4-x86_64-3_slack14.0.txz
b2d68e907981ba071cd218e7158a974b
xorg-server-xephyr-1.12.4-x86_64-3_slack14.0.txz
742974e60afd5c4342c993bc3694b18d
xorg-server-xnest-1.12.4-x86_64-3_slack14.0.txz
6b5ce7aa0445ada3ba1e92a9081c57e0
xorg-server-xvfb-1.12.4-x86_64-3_slack14.0.txz

Slackware 14.1 packages:
09ab341882ee152edd38a9cff87aa3e5 xorg-server-1.14.3-i486-4_slack14.1.txz
88331b2e020467180ac48f58d8760716
xorg-server-xephyr-1.14.3-i486-4_slack14.1.txz
05b3987f24334485feeec64ab0ea15ed xorg-server-xnest-1.14.3-i486-4_slack14.1.txz
ed4af26a340db3b1ad3544905e7cccba xorg-server-xvfb-1.14.3-i486-4_slack14.1.txz

Slackware x86_64 14.1 packages:
1d10548567dbd16d22db20910f8e97fa xorg-server-1.14.3-x86_64-4_slack14.1.txz
6440fab1b258eddd3c6425fd5e7a3d9e
xorg-server-xephyr-1.14.3-x86_64-4_slack14.1.txz
5c336b83dca66baf0a1e3438da5a1955
xorg-server-xnest-1.14.3-x86_64-4_slack14.1.txz
1f5140f0ea717fb53785f83e0e43eb98
xorg-server-xvfb-1.14.3-x86_64-4_slack14.1.txz

Slackware 14.2 packages:
1bc5d7586c9531815d33ef714cc52e2b xorg-server-1.18.3-i586-3_slack14.2.txz
47ca0a793625e08bd6dc55310561ab68
xorg-server-xephyr-1.18.3-i586-3_slack14.2.txz
4408fd987a6f20d24c82bdb0fa5e47c2 xorg-server-xnest-1.18.3-i586-3_slack14.2.txz
5f636be733db15fbd8242585fee74500 xorg-server-xvfb-1.18.3-i586-3_slack14.2.txz

Slackware x86_64 14.2 packages:
852a94da7873a3634b540c1436e63e9d xorg-server-1.18.3-x86_64-3_slack14.2.txz
3eadfffee3a9749b26a74c4efe67d83e
xorg-server-xephyr-1.18.3-x86_64-3_slack14.2.txz
e9364a469b7ea00cbc9b6723201e8039
xorg-server-xnest-1.18.3-x86_64-3_slack14.2.txz
6c2d01bbf136cdef4549a2b856fd01ca
xorg-server-xvfb-1.18.3-x86_64-3_slack14.2.txz

Slackware -current packages:
190b901651bfc22666836632e390fe94 x/xorg-server-1.19.3-i586-2.txz
6c991c9a7b4c96557b1ef3965ad4a18a x/xorg-server-xephyr-1.19.3-i586-2.txz
e398ad8306d65105c1c2206782ff5cb2 x/xorg-server-xnest-1.19.3-i586-2.txz
3726206c8e2f11086145dbb9b14b1f6c x/xorg-server-xvfb-1.19.3-i586-2.txz

Slackware x86_64 -current packages:
08857b3f3fc3e4e9d936f8129bb431b8 x/xorg-server-1.19.3-x86_64-2.txz
c3121263fbff67c0012417a96700d6c5 x/xorg-server-xephyr-1.19.3-x86_64-2.txz
3775079d48f00753ebb01f1bfa8b1a62 x/xorg-server-xnest-1.19.3-x86_64-2.txz
c3f783bce65bd1cfa1859e7d3b105d53 x/xorg-server-xvfb-1.19.3-x86_64-2.txz


Installation instructions:
+------------------------+

Upgrade the packages as root:
# upgradepkg xorg-server-*.txz


+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com

+------------------------------------------------------------------------+
| To leave the slackware-security mailing list: |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back containing instructions to |
| complete the process. Please do not reply to this email address. |
+------------------------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----

iEYEARECAAYFAlmTczQACgkQakRjwEAQIjMI2wCffnhvOHvISi/Fi0/Ws1pjF2nK
+qYAnAy+gt3C7E1lWlBdlPItzmEhQbqe
=aiGo
-----END PGP SIGNATURE-----
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung