Security update for xorg-x11-server (important)

2017-07-14T15:11:06
ID SUSE-SU-2017:1861-1
Type suse
Reporter Suse
Modified 2017-07-14T15:11:06

Description

This update for xorg-x11-server fixes the following issues:

  • CVE-2017-10971: Fix endianess handling of GenericEvent to prevent a stack overflow by clients. (bnc#1035283)
  • Make sure the type of all events to be sent by ProcXSendExtensionEvent are in the allowed range.
  • CVE-2017-10972: Initialize the xEvent eventT with zeros to avoid information leakage.