MGASA-2017-0269

Source
https://advisories.mageia.org/MGASA-2017-0269.html
Import Source
https://advisories.mageia.org/MGASA-2017-0269.json
JSON Data
https://api.osv.dev/v1/vulns/MGASA-2017-0269
Published
2017-08-15T09:57:10Z
Modified
2017-08-15T09:40:59Z
Summary
Updated x11-server packages fix security vulnerabilities
Details

Eric Sesterhenn discovered that the X.Org X server incorrectly compared MIT cookies. An attacker could possibly use this issue to perform a timing attack and recover the MIT cookie (CVE-2017-2624).

It was discovered that the X.Org X server incorrectly handled endianness conversion of certain X events. An attacker able to connect to an X server, either locally or remotely, could use this issue to crash the server, or possibly execute arbitrary code as an administrator (CVE-2017-10971).

It was discovered that the X.Org X server incorrectly handled endianness conversion of certain X events. An attacker able to connect to an X server, either locally or remotely, could use this issue to possibly obtain sensitive information (CVE-2017-10972).

Use-after-free issue in an unused function in XDM (boo#1025035).


Affected packages

Mageia:5 / x11-server

Package

Name
x11-server
Purl
pkg:rpm/mageia/x11-server?distro=mageia-5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.16.4-2.2.mga5

Ecosystem specific

{
    "section": "core"
}