Security update for xorg-x11-server (important)

2017-07-14T15:10:41
ID SUSE-SU-2017:1860-1
Type suse
Reporter Suse
Modified 2017-07-14T15:10:41

Description

This update for xorg-x11-server provides the following fixes:

  • CVE-2017-10971: Fix endianess handling of GenericEvent to prevent a stack overflow by clients. (bnc#1035283)
  • Make sure the type of all events to be sent by ProcXSendExtensionEvent are in the allowed range.
  • CVE-2017-10972: Initialize the xEvent eventT with zeros to avoid information leakage.