Updated x11-server packages fix security vulnerabilities
Publication date: 15 Aug 2017
Modification date: 15 Aug 2017
Type: security
Affected Mageia releases: 5
CVE: CVE-2017-2624, CVE-2017-10971, CVE-2017-10972
Description
Eric Sesterhenn discovered that the X.Org X server incorrectly compared
MIT cookies. An attacker could possibly use this issue to perform a
timing attack and recover the MIT cookie (CVE-2017-2624).
It was discovered that the X.Org X server incorrectly handled endianness
conversion of certain X events. An attacker able to connect to an X
server, either locally or remotely, could use this issue to crash the
server, or possibly execute arbitrary code as an administrator
(CVE-2017-10971).
It was discovered that the X.Org X server incorrectly handled endianness
conversion of certain X events. An attacker able to connect to an X
server, either locally or remotely, could use this issue to possibly
obtain sensitive information (CVE-2017-10972).
Use-after-free issue in an unused function in XDM (boo#1025035).
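Added example, not code from the X.Org server or from this advisory: a model of why an early-exit byte comparison of an MIT cookie, the class of issue described for CVE-2017-2624, leaks how many leading bytes of a guess are correct, next to a constant-time comparison. The function names, the 16-byte length and the sample cookie are assumptions made for the illustration; the count of bytes examined stands in for elapsed time.

```c
#include <stdio.h>
#include <stddef.h>

#define COOKIE_LEN 16  /* assumed: MIT-MAGIC-COOKIE-1 carries 128 bits */

/* Early-exit comparison (memcmp-like). *steps receives the number of
 * bytes examined, which grows with the length of the matching prefix. */
int cookie_eq_early_exit(const unsigned char *a, const unsigned char *b,
                         size_t len, size_t *steps)
{
    for (size_t i = 0; i < len; i++) {
        if (a[i] != b[i]) {
            *steps = i + 1;      /* stops at the first mismatch */
            return 0;
        }
    }
    *steps = len;
    return 1;
}

/* Constant-time comparison: every byte is examined and the differences
 * are OR-ed together, so the work done does not depend on the data. */
int cookie_eq_constant_time(const unsigned char *a, const unsigned char *b,
                            size_t len, size_t *steps)
{
    unsigned char diff = 0;
    for (size_t i = 0; i < len; i++)
        diff |= (unsigned char)(a[i] ^ b[i]);
    *steps = len;
    return diff == 0;
}

/* Bytes examined for a guess whose first `prefix` bytes are correct. */
size_t steps_for_prefix(int constant_time, size_t prefix)
{
    unsigned char secret[COOKIE_LEN], guess[COOKIE_LEN];
    size_t steps = 0;
    for (size_t i = 0; i < COOKIE_LEN; i++) {
        secret[i] = (unsigned char)(0xA0 + i);  /* constructed sample cookie */
        guess[i] = (i < prefix) ? secret[i] : (unsigned char)~secret[i];
    }
    if (constant_time)
        cookie_eq_constant_time(secret, guess, COOKIE_LEN, &steps);
    else
        cookie_eq_early_exit(secret, guess, COOKIE_LEN, &steps);
    return steps;
}

int main(void)
{
    for (size_t p = 0; p <= COOKIE_LEN; p += 4)
        printf("prefix=%zu early-exit=%zu constant-time=%zu\n",
               p, steps_for_prefix(0, p), steps_for_prefix(1, p));
    return 0;
}
```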
References
- https://bugs.mageia.org/show_bug.cgi?id=21191
- https://lists.opensuse.org/opensuse-updates/2017-06/msg00070.html
- https://usn.ubuntu.com/usn/usn-3362-1/
- https://www.x41-dsec.de/lab/advisories/x41-2017-001-xorg/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2624
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10971
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10972
SRPMS
5/core
- x11-server-1.16.4-2.2.mga5