Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
slackwareSlackware Linux ProjectSSA-2017-227-01
HistoryAug 16, 2017 - 1:43 a.m.

[slackware-security] xorg-server

2017-08-1601:43:27
Slackware Linux Project
www.slackware.com
20

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.026 Low

EPSS

Percentile

90.2%

JSON

New xorg-server packages are available for Slackware 13.0, 13.1, 13.37, 14.0,
14.1, 14.2, and -current to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:

patches/packages/xorg-server-1.18.3-i586-3_slack14.2.txz: Rebuilt.
This update fixes two security issues:
A user authenticated to an X Session could crash or execute code in the
context of the X Server by exploiting a stack overflow in the endianness
conversion of X Events.
Uninitialized data in endianness conversion in the XEvent handling of the
X.Org X Server allowed authenticated malicious users to access potentially
privileged data from the X server.
For more information, see:
https://vulners.com/cve/CVE-2017-10971
https://vulners.com/cve/CVE-2017-10972
(* Security fix *)
patches/packages/xorg-server-xephyr-1.18.3-i586-3_slack14.2.txz: Rebuilt.
patches/packages/xorg-server-xnest-1.18.3-i586-3_slack14.2.txz: Rebuilt.
patches/packages/xorg-server-xvfb-1.18.3-i586-3_slack14.2.txz: Rebuilt.

Where to find the new packages:

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)

Also see the “Get Slack” section on http://slackware.com for
additional mirror sites near you.

Updated packages for Slackware 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/xorg-server-1.6.3-i486-4_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/xorg-server-xephyr-1.6.3-i486-4_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/xorg-server-xnest-1.6.3-i486-4_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/xorg-server-xvfb-1.6.3-i486-4_slack13.0.txz

Updated packages for Slackware x86_64 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/xorg-server-1.6.3-x86_64-4_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/xorg-server-xephyr-1.6.3-x86_64-4_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/xorg-server-xnest-1.6.3-x86_64-4_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/xorg-server-xvfb-1.6.3-x86_64-4_slack13.0.txz

Updated packages for Slackware 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/xorg-server-1.7.7-i486-4_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/xorg-server-xephyr-1.7.7-i486-4_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/xorg-server-xnest-1.7.7-i486-4_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/xorg-server-xvfb-1.7.7-i486-4_slack13.1.txz

Updated packages for Slackware x86_64 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/xorg-server-1.7.7-x86_64-4_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/xorg-server-xephyr-1.7.7-x86_64-4_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/xorg-server-xnest-1.7.7-x86_64-4_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/xorg-server-xvfb-1.7.7-x86_64-4_slack13.1.txz

Updated packages for Slackware 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/xorg-server-1.9.5-i486-4_slack13.37.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/xorg-server-xephyr-1.9.5-i486-4_slack13.37.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/xorg-server-xnest-1.9.5-i486-4_slack13.37.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/xorg-server-xvfb-1.9.5-i486-4_slack13.37.txz

Updated packages for Slackware x86_64 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/xorg-server-1.9.5-x86_64-4_slack13.37.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/xorg-server-xephyr-1.9.5-x86_64-4_slack13.37.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/xorg-server-xnest-1.9.5-x86_64-4_slack13.37.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/xorg-server-xvfb-1.9.5-x86_64-4_slack13.37.txz

Updated packages for Slackware 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/xorg-server-1.12.4-i486-3_slack14.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/xorg-server-xephyr-1.12.4-i486-3_slack14.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/xorg-server-xnest-1.12.4-i486-3_slack14.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/xorg-server-xvfb-1.12.4-i486-3_slack14.0.txz

Updated packages for Slackware x86_64 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/xorg-server-1.12.4-x86_64-3_slack14.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/xorg-server-xephyr-1.12.4-x86_64-3_slack14.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/xorg-server-xnest-1.12.4-x86_64-3_slack14.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/xorg-server-xvfb-1.12.4-x86_64-3_slack14.0.txz

Updated packages for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/xorg-server-1.14.3-i486-4_slack14.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/xorg-server-xephyr-1.14.3-i486-4_slack14.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/xorg-server-xnest-1.14.3-i486-4_slack14.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/xorg-server-xvfb-1.14.3-i486-4_slack14.1.txz

Updated packages for Slackware x86_64 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/xorg-server-1.14.3-x86_64-4_slack14.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/xorg-server-xephyr-1.14.3-x86_64-4_slack14.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/xorg-server-xnest-1.14.3-x86_64-4_slack14.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/xorg-server-xvfb-1.14.3-x86_64-4_slack14.1.txz

Updated packages for Slackware 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/xorg-server-1.18.3-i586-3_slack14.2.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/xorg-server-xephyr-1.18.3-i586-3_slack14.2.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/xorg-server-xnest-1.18.3-i586-3_slack14.2.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/xorg-server-xvfb-1.18.3-i586-3_slack14.2.txz

Updated packages for Slackware x86_64 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/xorg-server-1.18.3-x86_64-3_slack14.2.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/xorg-server-xephyr-1.18.3-x86_64-3_slack14.2.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/xorg-server-xnest-1.18.3-x86_64-3_slack14.2.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/xorg-server-xvfb-1.18.3-x86_64-3_slack14.2.txz

Updated packages for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/x/xorg-server-1.19.3-i586-2.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/x/xorg-server-xephyr-1.19.3-i586-2.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/x/xorg-server-xnest-1.19.3-i586-2.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/x/xorg-server-xvfb-1.19.3-i586-2.txz

Updated packages for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/x/xorg-server-1.19.3-x86_64-2.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/x/xorg-server-xephyr-1.19.3-x86_64-2.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/x/xorg-server-xnest-1.19.3-x86_64-2.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/x/xorg-server-xvfb-1.19.3-x86_64-2.txz

MD5 signatures:

Slackware 13.0 packages:
86275ce224cc6b605cd48e265f7b3431 xorg-server-1.6.3-i486-4_slack13.0.txz
09e08405768eaf3c7d9fa7483e3645ec xorg-server-xephyr-1.6.3-i486-4_slack13.0.txz
000e88cd1d2a651a2469151b6f6792cd xorg-server-xnest-1.6.3-i486-4_slack13.0.txz
ead15ed6cd55bd4b3d66dcf55902f156 xorg-server-xvfb-1.6.3-i486-4_slack13.0.txz

Slackware x86_64 13.0 packages:
aaba854c38f7059a9c5f4811fc87356b xorg-server-1.6.3-x86_64-4_slack13.0.txz
09c25303eb9d9ca066fc2a26d617ed22 xorg-server-xephyr-1.6.3-x86_64-4_slack13.0.txz
37a856e4f5642946a1ecbeebf5f5df46 xorg-server-xnest-1.6.3-x86_64-4_slack13.0.txz
9368c95fa1271c2bac3ea25539d005f3 xorg-server-xvfb-1.6.3-x86_64-4_slack13.0.txz

Slackware 13.1 packages:
c892f89f02f7561fed97f7358cd4c956 xorg-server-1.7.7-i486-4_slack13.1.txz
f8dc5a4d3fd03ceb5f7453c1fc90b9bd xorg-server-xephyr-1.7.7-i486-4_slack13.1.txz
029ab43b662196f6d051332343275ad4 xorg-server-xnest-1.7.7-i486-4_slack13.1.txz
c06a34fa65acff4801d9cc0de19a47a8 xorg-server-xvfb-1.7.7-i486-4_slack13.1.txz

Slackware x86_64 13.1 packages:
c6b1665a39ad87e0e092c3210d159b34 xorg-server-1.7.7-x86_64-4_slack13.1.txz
755050374c936ced68848097fbacaf44 xorg-server-xephyr-1.7.7-x86_64-4_slack13.1.txz
348eab0e16fdbf55730e5e052849e399 xorg-server-xnest-1.7.7-x86_64-4_slack13.1.txz
e478efdc4209d9cb056fce65cf9d7b27 xorg-server-xvfb-1.7.7-x86_64-4_slack13.1.txz

Slackware 13.37 packages:
7d74fae08b08419ecb8d103c45620321 xorg-server-1.9.5-i486-4_slack13.37.txz
76e400a6b2cc65d5f2366da70644c5fb xorg-server-xephyr-1.9.5-i486-4_slack13.37.txz
80b0fe9ed222ad834a17b69e17ba91a9 xorg-server-xnest-1.9.5-i486-4_slack13.37.txz
bd65bda294e5d883a395afa51ab9b754 xorg-server-xvfb-1.9.5-i486-4_slack13.37.txz

Slackware x86_64 13.37 packages:
e331047bb1428f32cc38d2f1e28f71b4 xorg-server-1.9.5-x86_64-4_slack13.37.txz
961812b1733ed1ac152b6e6ab8c66499 xorg-server-xephyr-1.9.5-x86_64-4_slack13.37.txz
ab7433d9233f843c6bbccd4f00e3cdde xorg-server-xnest-1.9.5-x86_64-4_slack13.37.txz
a754270b3a41beed70c8dfc6c69d3970 xorg-server-xvfb-1.9.5-x86_64-4_slack13.37.txz

Slackware 14.0 packages:
61be1d15444a5f7c44cc3eb85269ccd9 xorg-server-1.12.4-i486-3_slack14.0.txz
ab80d7a22de7606800cf6569d4695d5b xorg-server-xephyr-1.12.4-i486-3_slack14.0.txz
58e97ad8e541731e7cd4ff21d8fa0522 xorg-server-xnest-1.12.4-i486-3_slack14.0.txz
a238fd09707afc39d8ce49386b359fc9 xorg-server-xvfb-1.12.4-i486-3_slack14.0.txz

Slackware x86_64 14.0 packages:
fa2ebac60bf90265a9b68259e563c329 xorg-server-1.12.4-x86_64-3_slack14.0.txz
b2d68e907981ba071cd218e7158a974b xorg-server-xephyr-1.12.4-x86_64-3_slack14.0.txz
742974e60afd5c4342c993bc3694b18d xorg-server-xnest-1.12.4-x86_64-3_slack14.0.txz
6b5ce7aa0445ada3ba1e92a9081c57e0 xorg-server-xvfb-1.12.4-x86_64-3_slack14.0.txz

Slackware 14.1 packages:
09ab341882ee152edd38a9cff87aa3e5 xorg-server-1.14.3-i486-4_slack14.1.txz
88331b2e020467180ac48f58d8760716 xorg-server-xephyr-1.14.3-i486-4_slack14.1.txz
05b3987f24334485feeec64ab0ea15ed xorg-server-xnest-1.14.3-i486-4_slack14.1.txz
ed4af26a340db3b1ad3544905e7cccba xorg-server-xvfb-1.14.3-i486-4_slack14.1.txz

Slackware x86_64 14.1 packages:
1d10548567dbd16d22db20910f8e97fa xorg-server-1.14.3-x86_64-4_slack14.1.txz
6440fab1b258eddd3c6425fd5e7a3d9e xorg-server-xephyr-1.14.3-x86_64-4_slack14.1.txz
5c336b83dca66baf0a1e3438da5a1955 xorg-server-xnest-1.14.3-x86_64-4_slack14.1.txz
1f5140f0ea717fb53785f83e0e43eb98 xorg-server-xvfb-1.14.3-x86_64-4_slack14.1.txz

Slackware 14.2 packages:
1bc5d7586c9531815d33ef714cc52e2b xorg-server-1.18.3-i586-3_slack14.2.txz
47ca0a793625e08bd6dc55310561ab68 xorg-server-xephyr-1.18.3-i586-3_slack14.2.txz
4408fd987a6f20d24c82bdb0fa5e47c2 xorg-server-xnest-1.18.3-i586-3_slack14.2.txz
5f636be733db15fbd8242585fee74500 xorg-server-xvfb-1.18.3-i586-3_slack14.2.txz

Slackware x86_64 14.2 packages:
852a94da7873a3634b540c1436e63e9d xorg-server-1.18.3-x86_64-3_slack14.2.txz
3eadfffee3a9749b26a74c4efe67d83e xorg-server-xephyr-1.18.3-x86_64-3_slack14.2.txz
e9364a469b7ea00cbc9b6723201e8039 xorg-server-xnest-1.18.3-x86_64-3_slack14.2.txz
6c2d01bbf136cdef4549a2b856fd01ca xorg-server-xvfb-1.18.3-x86_64-3_slack14.2.txz

Slackware -current packages:
190b901651bfc22666836632e390fe94 x/xorg-server-1.19.3-i586-2.txz
6c991c9a7b4c96557b1ef3965ad4a18a x/xorg-server-xephyr-1.19.3-i586-2.txz
e398ad8306d65105c1c2206782ff5cb2 x/xorg-server-xnest-1.19.3-i586-2.txz
3726206c8e2f11086145dbb9b14b1f6c x/xorg-server-xvfb-1.19.3-i586-2.txz

Slackware x86_64 -current packages:
08857b3f3fc3e4e9d936f8129bb431b8 x/xorg-server-1.19.3-x86_64-2.txz
c3121263fbff67c0012417a96700d6c5 x/xorg-server-xephyr-1.19.3-x86_64-2.txz
3775079d48f00753ebb01f1bfa8b1a62 x/xorg-server-xnest-1.19.3-x86_64-2.txz
c3f783bce65bd1cfa1859e7d3b105d53 x/xorg-server-xvfb-1.19.3-x86_64-2.txz

Installation instructions:

Upgrade the packages as root:
> upgradepkg xorg-server-*.txz

OSVersionArchitecturePackageVersionFilename
Slackware13.0i486xorg-server< 1.6.3xorg-server-1.6.3-i486-4_slack13.0.txz
Slackware13.0i486xorg-server-xephyr< 1.6.3xorg-server-xephyr-1.6.3-i486-4_slack13.0.txz
Slackware13.0i486xorg-server-xnest< 1.6.3xorg-server-xnest-1.6.3-i486-4_slack13.0.txz
Slackware13.0i486xorg-server-xvfb< 1.6.3xorg-server-xvfb-1.6.3-i486-4_slack13.0.txz
Slackware13.0x86_64xorg-server< 1.6.3xorg-server-1.6.3-x86_64-4_slack13.0.txz
Slackware13.0x86_64xorg-server-xephyr< 1.6.3xorg-server-xephyr-1.6.3-x86_64-4_slack13.0.txz
Slackware13.0x86_64xorg-server-xnest< 1.6.3xorg-server-xnest-1.6.3-x86_64-4_slack13.0.txz
Slackware13.0x86_64xorg-server-xvfb< 1.6.3xorg-server-xvfb-1.6.3-x86_64-4_slack13.0.txz
Slackware13.1i486xorg-server< 1.7.7xorg-server-1.7.7-i486-4_slack13.1.txz
Slackware13.1i486xorg-server-xephyr< 1.7.7xorg-server-xephyr-1.7.7-i486-4_slack13.1.txz
Rows per page:
1-10 of 561

Related

osv 4
suse 5
nessus 12
openvas 13
debian 2
archlinux 1
freebsd 1
mageia 1
ubuntu 1
prion 2
redhatcve 2
cve 2
debiancve 2
ubuntucve 2
osv
osv
xorg-server - security update
2017-07-09 00:00:00
xorg-server - security update
2017-07-14 00:00:00
CVE-2017-10972
2017-07-06 11:29:00
suse
suse
Security update for xorg-x11-server (important)
2017-07-14 15:10:13
Security update for xorg-x11-server (important)
2017-07-14 15:10:41
Security update for xorg-x11-server (important)
2017-07-15 15:09:15
nessus
nessus
FreeBSD : xorg-server -- Multiple Issues (ab881a74-c016-4e6d-9f7d-68c8e7cedafb)
2017-10-18 00:00:00
openSUSE Security Update : xorg-x11-server (openSUSE-2017-825)
2017-07-17 00:00:00
SUSE SLES11 Security Update : xorg-x11-server (SUSE-SU-2017:1850-1)
2017-07-13 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2017:1850-1)
2021-06-09 00:00:00
SUSE: Security Advisory (SUSE-SU-2017:1859-1)
2021-04-19 00:00:00
Debian: Security Advisory (DSA-3905-1)
2017-07-08 00:00:00
debian
debian
[SECURITY] [DSA 3905-1] xorg-server security update
2017-07-09 20:42:15
[SECURITY] [DLA 1026-1] xorg-server security update
2017-07-14 12:50:58
archlinux
archlinux
[ASA-201708-11] xorg-server: multiple issues
2017-08-14 00:00:00
freebsd
freebsd
xorg-server -- Multiple Issues
2017-07-06 00:00:00
mageia
mageia
Updated x11-server packages fix security vulnerabilities
2017-08-15 12:57:10
ubuntu
ubuntu
X.Org X server vulnerabilities
2017-07-24 00:00:00
prion
prion
Design/Logic Flaw
2017-07-06 11:29:00
Stack overflow
2017-07-06 11:29:00
redhatcve
redhatcve
CVE-2017-10972
2017-07-20 08:48:50
CVE-2017-10971
2017-07-20 08:49:09
cve
cve
CVE-2017-10972
2017-07-06 11:29:00
CVE-2017-10971
2017-07-06 11:29:00
debiancve
debiancve
CVE-2017-10971
2017-07-06 11:29:00
CVE-2017-10972
2017-07-06 11:29:00
ubuntucve
ubuntucve
CVE-2017-10972
2017-07-06 00:00:00
CVE-2017-10971
2017-07-06 00:00:00

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.026 Low

EPSS

Percentile

90.2%

JSON
Related for SSA-2017-227-01
osv4suse5nessus12openvas13debian2archlinux1freebsd1mageia1ubuntu1prion2redhatcve2cve2debiancve2ubuntucve2