This bug was fixed in the package xorg-server-hwe-16.04 -
2:1.19.3-1ubuntu1~16.04.2
---------------
xorg-server-hwe-16.04 (2:1.19.3-1ubuntu1~16.04.2) xenial; urgency=medium
* SECURITY UPDATE: DoS and possible code execution in endianness
conversion of X Events
- debian/patches/CVE-2017-10971-1.patch: do not try to swap
GenericEvent in Xi/sendexev.c.
- debian/patches/CVE-2017-10971-2.patch: verify all events in
ProcXSendExtensionEvent in Xi/sendexev.c.
- debian/patches/CVE-2017-10971-3.patch: disallow GenericEvent in
SendEvent request in dix/events.c, dix/swapreq.c.
- CVE-2017-10971
* SECURITY UPDATE: information leak in XEvent handling
- debian/patches/CVE-2017-10972.patch: zero target buffer in
SProcXSendExtensionEvent in Xi/sendexev.c.
- CVE-2017-10972
-- Marc Deslauriers <[email protected]> Tue, 25 Jul 2017
09:04:30 -0400
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1687981
Title:
Backport packages for 16.04.3 HWE stack
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libclc/+bug/1687981/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
