Slackware Local Security Checks : Slackware: Security Advisory (SSA:2017-227-01)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.13.2017.227.01

Categoría: Slackware Local Security Checks

Título: Slackware: Security Advisory (SSA:2017-227-01)

Resumen: The remote host is missing an update for the 'xorg-server' package(s) announced via the SSA:2017-227-01 advisory.

Descripción: Summary:
The remote host is missing an update for the 'xorg-server' package(s) announced via the SSA:2017-227-01 advisory.

Vulnerability Insight:
New xorg-server packages are available for Slackware 13.0, 13.1, 13.37, 14.0,
14.1, 14.2, and -current to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/xorg-server-1.18.3-i586-3_slack14.2.txz: Rebuilt.
This update fixes two security issues:
A user authenticated to an X Session could crash or execute code in the
context of the X Server by exploiting a stack overflow in the endianness
conversion of X Events.
Uninitialized data in endianness conversion in the XEvent handling of the
X.Org X Server allowed authenticated malicious users to access potentially
privileged data from the X server.
For more information, see:
[links moved to references]
(* Security fix *)
patches/packages/xorg-server-xephyr-1.18.3-i586-3_slack14.2.txz: Rebuilt.
patches/packages/xorg-server-xnest-1.18.3-i586-3_slack14.2.txz: Rebuilt.
patches/packages/xorg-server-xvfb-1.18.3-i586-3_slack14.2.txz: Rebuilt.
+--------------------------+

Affected Software/OS:
'xorg-server' package(s) on Slackware 13.0, Slackware 13.1, Slackware 13.37, Slackware 14.0, Slackware 14.1, Slackware 14.2, Slackware current.

Solution:
Please install the updated package(s).

CVSS Score:
6.5

CVSS Vector:
AV:N/AC:L/Au:S/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2017-10971
BugTraq ID: 99546
http://www.securityfocus.com/bid/99546
Debian Security Information: DSA-3905 (Google Search)
http://www.debian.org/security/2017/dsa-3905
https://bugzilla.suse.com/show_bug.cgi?id=1035283
https://cgit.freedesktop.org/xorg/xserver/commit/?id=215f894965df5fb0bb45b107d84524e700d2073c
https://cgit.freedesktop.org/xorg/xserver/commit/?id=8caed4df36b1f802b4992edcfd282cbeeec35d9d
https://cgit.freedesktop.org/xorg/xserver/commit/?id=ba336b24052122b136486961c82deac76bbde455
Common Vulnerability Exposure (CVE) ID: CVE-2017-10972
BugTraq ID: 99543
http://www.securityfocus.com/bid/99543
https://cgit.freedesktop.org/xorg/xserver/commit/?id=05442de962d3dc624f79fc1a00eca3ffc5489ced

Copyright Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.13.2017.227.01
Categoría:	Slackware Local Security Checks
Título:	Slackware: Security Advisory (SSA:2017-227-01)
Resumen:	The remote host is missing an update for the 'xorg-server' package(s) announced via the SSA:2017-227-01 advisory.
Descripción:	Summary: The remote host is missing an update for the 'xorg-server' package(s) announced via the SSA:2017-227-01 advisory. Vulnerability Insight: New xorg-server packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/xorg-server-1.18.3-i586-3_slack14.2.txz: Rebuilt. This update fixes two security issues: A user authenticated to an X Session could crash or execute code in the context of the X Server by exploiting a stack overflow in the endianness conversion of X Events. Uninitialized data in endianness conversion in the XEvent handling of the X.Org X Server allowed authenticated malicious users to access potentially privileged data from the X server. For more information, see: [links moved to references] (* Security fix *) patches/packages/xorg-server-xephyr-1.18.3-i586-3_slack14.2.txz: Rebuilt. patches/packages/xorg-server-xnest-1.18.3-i586-3_slack14.2.txz: Rebuilt. patches/packages/xorg-server-xvfb-1.18.3-i586-3_slack14.2.txz: Rebuilt. +--------------------------+ Affected Software/OS: 'xorg-server' package(s) on Slackware 13.0, Slackware 13.1, Slackware 13.37, Slackware 14.0, Slackware 14.1, Slackware 14.2, Slackware current. Solution: Please install the updated package(s). CVSS Score: 6.5 CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2017-10971 BugTraq ID: 99546 http://www.securityfocus.com/bid/99546 Debian Security Information: DSA-3905 (Google Search) http://www.debian.org/security/2017/dsa-3905 https://bugzilla.suse.com/show_bug.cgi?id=1035283 https://cgit.freedesktop.org/xorg/xserver/commit/?id=215f894965df5fb0bb45b107d84524e700d2073c https://cgit.freedesktop.org/xorg/xserver/commit/?id=8caed4df36b1f802b4992edcfd282cbeeec35d9d https://cgit.freedesktop.org/xorg/xserver/commit/?id=ba336b24052122b136486961c82deac76bbde455 Common Vulnerability Exposure (CVE) ID: CVE-2017-10972 BugTraq ID: 99543 http://www.securityfocus.com/bid/99543 https://cgit.freedesktop.org/xorg/xserver/commit/?id=05442de962d3dc624f79fc1a00eca3ffc5489ced
Copyright	Copyright (C) 2022 Greenbone AG