openSUSE Security Update: Security update for xorg-x11-server ______________________________________________________________________________ Announcement ID: openSUSE-SU-2017:2823-1 Rating: moderate References: #1063034 #1063035 #1063037 #1063038 #1063039 #1063040 #1063041 Cross-References: CVE-2017-12176 CVE-2017-12177 CVE-2017-12178 CVE-2017-12179 CVE-2017-12180 CVE-2017-12181 CVE-2017-12182 CVE-2017-12183 CVE-2017-12184 CVE-2017-12185 CVE-2017-12186 CVE-2017-12187 Affected Products: openSUSE Leap 42.3 openSUSE Leap 42.2 ______________________________________________________________________________ An update that fixes 12 vulnerabilities is now available. Description: This update for xorg-x11-server fixes the following vulnerabilities: * CVE-2017-12176: Unvalidated extra length in ProcEstablishConnection (bsc#1063041) * CVE-2017-12177: dbe: Unvalidated variable-length request in ProcDbeGetVisualInfo (bsc#1063040) * CVE-2017-12178: Xi: fix wrong extra length check in ProcXIChangeHierarchy (bsc#1063039) * CVE-2017-12179: Xi: integer overflow and unvalidated length in (S)ProcXIBarrierReleasePointer (bsc#1063038) * CVE-2017-12180,CVE-2017-12181,CVE-2017-12182: Unvalidated lengths in XFree86-VidMode/XFree86-DGA/XFree86-DRI extension (bsc#1063037) * CVE-2017-12183: Unvalidated lengths in XFIXES extension (bsc#1063035) * CVE-2017-12184,CVE-2017-12185,CVE-2017-12186,CVE-2017-12187: Unvalidated lengths in multiple extensions (bsc#1063034) Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE Leap 42.3: zypper in -t patch openSUSE-2017-1177=1 - openSUSE Leap 42.2: zypper in -t patch openSUSE-2017-1177=1 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE Leap 42.3 (i586 x86_64): xorg-x11-server-7.6_1.18.3-28.1 xorg-x11-server-debuginfo-7.6_1.18.3-28.1 xorg-x11-server-debugsource-7.6_1.18.3-28.1 xorg-x11-server-extra-7.6_1.18.3-28.1 xorg-x11-server-extra-debuginfo-7.6_1.18.3-28.1 xorg-x11-server-sdk-7.6_1.18.3-28.1 xorg-x11-server-source-7.6_1.18.3-28.1 - openSUSE Leap 42.2 (i586 x86_64): xorg-x11-server-7.6_1.18.3-12.26.1 xorg-x11-server-debuginfo-7.6_1.18.3-12.26.1 xorg-x11-server-debugsource-7.6_1.18.3-12.26.1 xorg-x11-server-extra-7.6_1.18.3-12.26.1 xorg-x11-server-extra-debuginfo-7.6_1.18.3-12.26.1 xorg-x11-server-sdk-7.6_1.18.3-12.26.1 xorg-x11-server-source-7.6_1.18.3-12.26.1 References: https://www.suse.com/security/cve/CVE-2017-12176.html https://www.suse.com/security/cve/CVE-2017-12177.html https://www.suse.com/security/cve/CVE-2017-12178.html https://www.suse.com/security/cve/CVE-2017-12179.html https://www.suse.com/security/cve/CVE-2017-12180.html https://www.suse.com/security/cve/CVE-2017-12181.html https://www.suse.com/security/cve/CVE-2017-12182.html https://www.suse.com/security/cve/CVE-2017-12183.html https://www.suse.com/security/cve/CVE-2017-12184.html https://www.suse.com/security/cve/CVE-2017-12185.html https://www.suse.com/security/cve/CVE-2017-12186.html https://www.suse.com/security/cve/CVE-2017-12187.html https://bugzilla.suse.com/1063034 https://bugzilla.suse.com/1063035 https://bugzilla.suse.com/1063037 https://bugzilla.suse.com/1063038 https://bugzilla.suse.com/1063039 https://bugzilla.suse.com/1063040 https://bugzilla.suse.com/1063041