Security update for xorg-x11-server (important)

2017-07-15T15:09:15
ID OPENSUSE-SU-2017:1885-1
Type suse
Reporter Suse
Modified 2017-07-15T15:09:15

Description

This update for xorg-x11-server fixes the following issues:

  • CVE-2017-10971: Fix endianess handling of GenericEvent to prevent a stack overflow by clients. (bnc#1035283)
  • Make sure the type of all events to be sent by ProcXSendExtensionEvent are in the allowed range.
  • CVE-2017-10972: Initialize the xEvent eventT with zeros to avoid information leakage.
  • Improve retrieval of entropy for generating random authentication cookies (boo#1025084)