[ubuntu/trusty-security] xorg-server-lts-xenial 2:1.18.3-1ubuntu2.3~trusty2 (Accepted)

Marc Deslauriers Mon, 24 Jul 2017 09:27:38 -0700

xorg-server-lts-xenial (2:1.18.3-1ubuntu2.3~trusty2) trusty-security; 
urgency=medium


  * SECURITY UPDATE: DoS and possible code execution in endianness
    conversion of X Events
    - debian/patches/CVE-2017-10971-1.patch: do not try to swap
      GenericEvent in Xi/sendexev.c.
    - debian/patches/CVE-2017-10971-2.patch: verify all events in
      ProcXSendExtensionEvent in Xi/sendexev.c.
    - debian/patches/CVE-2017-10971-3.patch: disallow GenericEvent in
      SendEvent request in dix/events.c, dix/swapreq.c.
    - CVE-2017-10971
  * SECURITY UPDATE: information leak in XEvent handling
    - debian/patches/CVE-2017-10972.patch: zero target buffer in
      SProcXSendExtensionEvent in Xi/sendexev.c.
    - CVE-2017-10972
  * SECURITY UPDATE: MIT-MAGIC-COOKIES timing attack
    - debian/patches/CVE-2017-2624.patch: use timingsafe_memcmp() in
      configure.ac, include/dix-config.h.in, include/os.h,
      os/mitauth.c, os/timingsafe_memcmp.c.
    - CVE-2017-2624

Date: 2017-07-18 19:53:16.421023+00:00
Changed-By: Marc Deslauriers <[email protected]>
https://launchpad.net/ubuntu/+source/xorg-server-lts-xenial/2:1.18.3-1ubuntu2.3~trusty2

Sorry, changesfile not available.

-- 
Trusty-changes mailing list
[email protected]
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/trusty-changes

[ubuntu/trusty-security] xorg-server-lts-xenial 2:1.18.3-1ubuntu2.3~trusty2 (Accepted)

Reply via email to