xorg-server-hwe-16.04 (2:1.18.4-1ubuntu6.1~16.04.2) xenial-security;
urgency=medium
* SECURITY UPDATE: DoS and possible code execution in endianness
conversion of X Events
- debian/patches/CVE-2017-10971-1.patch: do not try to swap
GenericEvent in Xi/sendexev.c.
- debian/patches/CVE-2017-10971-2.patch: verify all events in
ProcXSendExtensionEvent in Xi/sendexev.c.
- debian/patches/CVE-2017-10971-3.patch: disallow GenericEvent in
SendEvent request in dix/events.c, dix/swapreq.c.
- CVE-2017-10971
* SECURITY UPDATE: information leak in XEvent handling
- debian/patches/CVE-2017-10972.patch: zero target buffer in
SProcXSendExtensionEvent in Xi/sendexev.c.
- CVE-2017-10972
* SECURITY UPDATE: MIT-MAGIC-COOKIES timing attack
- debian/patches/CVE-2017-2624.patch: use timingsafe_memcmp() in
configure.ac, include/dix-config.h.in, include/os.h,
os/mitauth.c, os/timingsafe_memcmp.c.
- CVE-2017-2624
Date: 2017-07-19 13:11:21.840897+00:00
Changed-By: Marc Deslauriers <marc.deslauri...@canonical.com>
https://launchpad.net/ubuntu/+source/xorg-server-hwe-16.04/2:1.18.4-1ubuntu6.1~16.04.2
Sorry, changesfile not available.
--
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/xenial-changes