Slackware Local Security Checks : Slackware: Security Advisory (SSA:2017-227-01)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.1.13.2017.227.01

Kategorie: Slackware Local Security Checks

Titel: Slackware: Security Advisory (SSA:2017-227-01)

Zusammenfassung: The remote host is missing an update for the 'xorg-server' package(s) announced via the SSA:2017-227-01 advisory.

Beschreibung: Summary:
The remote host is missing an update for the 'xorg-server' package(s) announced via the SSA:2017-227-01 advisory.

Vulnerability Insight:
New xorg-server packages are available for Slackware 13.0, 13.1, 13.37, 14.0,
14.1, 14.2, and -current to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/xorg-server-1.18.3-i586-3_slack14.2.txz: Rebuilt.
This update fixes two security issues:
A user authenticated to an X Session could crash or execute code in the
context of the X Server by exploiting a stack overflow in the endianness
conversion of X Events.
Uninitialized data in endianness conversion in the XEvent handling of the
X.Org X Server allowed authenticated malicious users to access potentially
privileged data from the X server.
For more information, see:
[links moved to references]
(* Security fix *)
patches/packages/xorg-server-xephyr-1.18.3-i586-3_slack14.2.txz: Rebuilt.
patches/packages/xorg-server-xnest-1.18.3-i586-3_slack14.2.txz: Rebuilt.
patches/packages/xorg-server-xvfb-1.18.3-i586-3_slack14.2.txz: Rebuilt.
+--------------------------+

Affected Software/OS:
'xorg-server' package(s) on Slackware 13.0, Slackware 13.1, Slackware 13.37, Slackware 14.0, Slackware 14.1, Slackware 14.2, Slackware current.

Solution:
Please install the updated package(s).

CVSS Score:
6.5

CVSS Vector:
AV:N/AC:L/Au:S/C:P/I:P/A:P

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2017-10971
BugTraq ID: 99546
http://www.securityfocus.com/bid/99546
Debian Security Information: DSA-3905 (Google Search)
http://www.debian.org/security/2017/dsa-3905
https://bugzilla.suse.com/show_bug.cgi?id=1035283
https://cgit.freedesktop.org/xorg/xserver/commit/?id=215f894965df5fb0bb45b107d84524e700d2073c
https://cgit.freedesktop.org/xorg/xserver/commit/?id=8caed4df36b1f802b4992edcfd282cbeeec35d9d
https://cgit.freedesktop.org/xorg/xserver/commit/?id=ba336b24052122b136486961c82deac76bbde455
Common Vulnerability Exposure (CVE) ID: CVE-2017-10972
BugTraq ID: 99543
http://www.securityfocus.com/bid/99543
https://cgit.freedesktop.org/xorg/xserver/commit/?id=05442de962d3dc624f79fc1a00eca3ffc5489ced

Copyright Copyright (C) 2022 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.1.13.2017.227.01
Kategorie:	Slackware Local Security Checks
Titel:	Slackware: Security Advisory (SSA:2017-227-01)
Zusammenfassung:	The remote host is missing an update for the 'xorg-server' package(s) announced via the SSA:2017-227-01 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'xorg-server' package(s) announced via the SSA:2017-227-01 advisory. Vulnerability Insight: New xorg-server packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/xorg-server-1.18.3-i586-3_slack14.2.txz: Rebuilt. This update fixes two security issues: A user authenticated to an X Session could crash or execute code in the context of the X Server by exploiting a stack overflow in the endianness conversion of X Events. Uninitialized data in endianness conversion in the XEvent handling of the X.Org X Server allowed authenticated malicious users to access potentially privileged data from the X server. For more information, see: [links moved to references] (* Security fix *) patches/packages/xorg-server-xephyr-1.18.3-i586-3_slack14.2.txz: Rebuilt. patches/packages/xorg-server-xnest-1.18.3-i586-3_slack14.2.txz: Rebuilt. patches/packages/xorg-server-xvfb-1.18.3-i586-3_slack14.2.txz: Rebuilt. +--------------------------+ Affected Software/OS: 'xorg-server' package(s) on Slackware 13.0, Slackware 13.1, Slackware 13.37, Slackware 14.0, Slackware 14.1, Slackware 14.2, Slackware current. Solution: Please install the updated package(s). CVSS Score: 6.5 CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2017-10971 BugTraq ID: 99546 http://www.securityfocus.com/bid/99546 Debian Security Information: DSA-3905 (Google Search) http://www.debian.org/security/2017/dsa-3905 https://bugzilla.suse.com/show_bug.cgi?id=1035283 https://cgit.freedesktop.org/xorg/xserver/commit/?id=215f894965df5fb0bb45b107d84524e700d2073c https://cgit.freedesktop.org/xorg/xserver/commit/?id=8caed4df36b1f802b4992edcfd282cbeeec35d9d https://cgit.freedesktop.org/xorg/xserver/commit/?id=ba336b24052122b136486961c82deac76bbde455 Common Vulnerability Exposure (CVE) ID: CVE-2017-10972 BugTraq ID: 99543 http://www.securityfocus.com/bid/99543 https://cgit.freedesktop.org/xorg/xserver/commit/?id=05442de962d3dc624f79fc1a00eca3ffc5489ced
Copyright	Copyright (C) 2022 Greenbone AG