Slackware Linux ProjectSSA-2017-279-03[slackware-security] xorg-server
4.6 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
26.7%
New xorg-server packages are available for Slackware 14.0, 14.1, 14.2,
and -current to fix security issues.
Here are the details from the Slackware 14.2 ChangeLog:
patches/packages/xorg-server-1.18.3-i586-4_slack14.2.txz: Rebuilt.
This update fixes two security issues:
Xext/shm: Validate shmseg resource id, otherwise it can belong to a
non-existing client and abort X server with FatalError “client not
in use”, or overwrite existing segment of another existing client.
Generating strings for XKB data used a single shared static buffer,
which offered several opportunities for errors. Use a ring of
resizable buffers instead, to avoid problems when strings end up
longer than anticipated.
For more information, see:
https://vulners.com/cve/CVE-2017-13721
https://vulners.com/cve/CVE-2017-13723
(* Security fix *)
patches/packages/xorg-server-xephyr-1.18.3-i586-4_slack14.2.txz: Rebuilt.
patches/packages/xorg-server-xnest-1.18.3-i586-4_slack14.2.txz: Rebuilt.
patches/packages/xorg-server-xvfb-1.18.3-i586-4_slack14.2.txz: Rebuilt.
Where to find the new packages:
Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)
Also see the “Get Slack” section on http://slackware.com for
additional mirror sites near you.
Updated packages for Slackware 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/xorg-server-1.12.4-i486-4_slack14.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/xorg-server-xephyr-1.12.4-i486-4_slack14.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/xorg-server-xnest-1.12.4-i486-4_slack14.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/xorg-server-xvfb-1.12.4-i486-4_slack14.0.txz
Updated packages for Slackware x86_64 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/xorg-server-1.12.4-x86_64-4_slack14.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/xorg-server-xephyr-1.12.4-x86_64-4_slack14.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/xorg-server-xnest-1.12.4-x86_64-4_slack14.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/xorg-server-xvfb-1.12.4-x86_64-4_slack14.0.txz
Updated packages for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/xorg-server-1.14.3-i486-5_slack14.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/xorg-server-xephyr-1.14.3-i486-5_slack14.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/xorg-server-xnest-1.14.3-i486-5_slack14.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/xorg-server-xvfb-1.14.3-i486-5_slack14.1.txz
Updated packages for Slackware x86_64 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/xorg-server-1.14.3-x86_64-5_slack14.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/xorg-server-xephyr-1.14.3-x86_64-5_slack14.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/xorg-server-xnest-1.14.3-x86_64-5_slack14.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/xorg-server-xvfb-1.14.3-x86_64-5_slack14.1.txz
Updated packages for Slackware 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/xorg-server-1.18.3-i586-4_slack14.2.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/xorg-server-xephyr-1.18.3-i586-4_slack14.2.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/xorg-server-xnest-1.18.3-i586-4_slack14.2.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/xorg-server-xvfb-1.18.3-i586-4_slack14.2.txz
Updated packages for Slackware x86_64 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/xorg-server-1.18.3-x86_64-4_slack14.2.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/xorg-server-xephyr-1.18.3-x86_64-4_slack14.2.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/xorg-server-xnest-1.18.3-x86_64-4_slack14.2.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/xorg-server-xvfb-1.18.3-x86_64-4_slack14.2.txz
Updated packages for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/x/xorg-server-1.19.4-i586-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/x/xorg-server-xephyr-1.19.4-i586-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/x/xorg-server-xnest-1.19.4-i586-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/x/xorg-server-xvfb-1.19.4-i586-1.txz
Updated packages for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/x/xorg-server-1.19.4-x86_64-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/x/xorg-server-xephyr-1.19.4-x86_64-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/x/xorg-server-xnest-1.19.4-x86_64-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/x/xorg-server-xvfb-1.19.4-x86_64-1.txz
MD5 signatures:
Slackware 14.0 packages:
7992d91e05b7888845f3a3c75194ca4e xorg-server-1.12.4-i486-4_slack14.0.txz
0701a7bb89d14c0eb04e0f20bfc2eb5c xorg-server-xephyr-1.12.4-i486-4_slack14.0.txz
7246c52a663c0e14bb73814f6ef8a0f4 xorg-server-xnest-1.12.4-i486-4_slack14.0.txz
d7dcf92cfe38f890e0801e0dc7b1247c xorg-server-xvfb-1.12.4-i486-4_slack14.0.txz
Slackware x86_64 14.0 packages:
f1629560ee97f40e77caf09936e3901d xorg-server-1.12.4-x86_64-4_slack14.0.txz
1e43220cca3b7bff7323985557d2d9f4 xorg-server-xephyr-1.12.4-x86_64-4_slack14.0.txz
0b7deb02ac2a65a5bf5c626781de7115 xorg-server-xnest-1.12.4-x86_64-4_slack14.0.txz
a7b1e5a61e140dd773de748e8798a669 xorg-server-xvfb-1.12.4-x86_64-4_slack14.0.txz
Slackware 14.1 packages:
dd9c442c38ce7907ebe3ce4c03f550ea xorg-server-1.14.3-i486-5_slack14.1.txz
b5080cc5047fd311fa66c100117ce84d xorg-server-xephyr-1.14.3-i486-5_slack14.1.txz
d85416e48fe4bda5a573b23c820cdb4f xorg-server-xnest-1.14.3-i486-5_slack14.1.txz
90980d1f2335fb6efe33d0c717e80b72 xorg-server-xvfb-1.14.3-i486-5_slack14.1.txz
Slackware x86_64 14.1 packages:
f06a124a5452df626e8537938ff42377 xorg-server-1.14.3-x86_64-5_slack14.1.txz
e1e1fa0c7989b8b1aae5989f29b730b0 xorg-server-xephyr-1.14.3-x86_64-5_slack14.1.txz
a0830913185532efe2f8d42d2cd7b703 xorg-server-xnest-1.14.3-x86_64-5_slack14.1.txz
31ee2a54dfb2dfb4ef165455994e943d xorg-server-xvfb-1.14.3-x86_64-5_slack14.1.txz
Slackware 14.2 packages:
b1309bf76678749b0f353ab786eac4f9 xorg-server-1.18.3-i586-4_slack14.2.txz
b3e4de152de501ef28d0d638f2c63ca0 xorg-server-xephyr-1.18.3-i586-4_slack14.2.txz
325aee76a2fb475b5d2b85a923db5c75 xorg-server-xnest-1.18.3-i586-4_slack14.2.txz
78e3e9a598888d6a0971744fd734687c xorg-server-xvfb-1.18.3-i586-4_slack14.2.txz
Slackware x86_64 14.2 packages:
a62e18070d91f19da8d847de732a0a92 xorg-server-1.18.3-x86_64-4_slack14.2.txz
f701943b0097def2d5ca527916220c94 xorg-server-xephyr-1.18.3-x86_64-4_slack14.2.txz
aa56252779925f47f2174c2792e14ade xorg-server-xnest-1.18.3-x86_64-4_slack14.2.txz
507ff04d45b120df461d9c24b0df1cbd xorg-server-xvfb-1.18.3-x86_64-4_slack14.2.txz
Slackware -current packages:
386ba989276aafd4d0c0c1e6cf991a0d x/xorg-server-1.19.4-i586-1.txz
37523585a8551808cc674eaa321636df x/xorg-server-xephyr-1.19.4-i586-1.txz
47e6944988f69a709a1c72792ae1c998 x/xorg-server-xnest-1.19.4-i586-1.txz
02e911fc786cac11d70c6273db25c628 x/xorg-server-xvfb-1.19.4-i586-1.txz
Slackware x86_64 -current packages:
1ccb0221b7603c4db7f8d16ebb3fd027 x/xorg-server-1.19.4-x86_64-1.txz
e2498dbbd9775508681ee7b6fdf1992b x/xorg-server-xephyr-1.19.4-x86_64-1.txz
a0550c5d304dedb5fa9a631f7508f399 x/xorg-server-xnest-1.19.4-x86_64-1.txz
9290dd947843f9611af59d1a7814923a x/xorg-server-xvfb-1.19.4-x86_64-1.txz
Installation instructions:
Upgrade the packages as root:
> upgradepkg xorg-server-*.txz
Related
4.6 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
26.7%