* SECURITY UPDATE: DoS and possible code execution in endianness
conversion of X Events
- debian/patches/CVE-2017-10971-1.patch: do not try to swap
GenericEvent in Xi/sendexev.c.
- debian/patches/CVE-2017-10971-2.patch: verify all events in
ProcXSendExtensionEvent in Xi/sendexev.c.
- debian/patches/CVE-2017-10971-3.patch: disallow GenericEvent in
SendEvent request in dix/events.c, dix/swapreq.c.
- CVE-2017-10971
* SECURITY UPDATE: information leak in XEvent handling
- debian/patches/CVE-2017-10972.patch: zero target buffer in
SProcXSendExtensionEvent in Xi/sendexev.c.
- CVE-2017-10972
This bug was fixed in the package xorg-server-hwe-16.04 - 2:1.19.3-1ubuntu1~16.04.2
---------------
xorg-server-hwe-16.04 (2:1.19.3-1ubuntu1~16.04.2) xenial; urgency=medium
* SECURITY UPDATE: DoS and possible code execution in endianness
conversion of X Events
- debian/patches/CVE-2017-10971-1.patch: do not try to swap
GenericEvent in Xi/sendexev.c.
- debian/patches/CVE-2017-10971-2.patch: verify all events in
ProcXSendExtensionEvent in Xi/sendexev.c.
- debian/patches/CVE-2017-10971-3.patch: disallow GenericEvent in
SendEvent request in dix/events.c, dix/swapreq.c.
- CVE-2017-10971
* SECURITY UPDATE: information leak in XEvent handling
- debian/patches/CVE-2017-10972.patch: zero target buffer in
SProcXSendExtensionEvent in Xi/sendexev.c.
- CVE-2017-10972
-- Marc Deslauriers <email address hidden> Tue, 25 Jul 2017 09:04:30 -0400