Debian Bug report logs - #867492
xorg-server: CVE-2017-10971 CVE-2017-10972

Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Thu, 6 Jul 2017 20:42:02 UTC

Severity: grave

Tags: fixed-upstream, patch, security, upstream

Found in version xorg-server/2:1.16.4-1

Fixed in versions xorg-server/2:1.19.3-2, xorg-server/2:1.19.2-1+deb9u1

Done: Salvatore Bonaccorso <carnil@debian.org>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian X Strike Force <debian-x@lists.debian.org>:
Bug#867492; Package src:xorg-server. (Thu, 06 Jul 2017 20:42:04 GMT)


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian X Strike Force <debian-x@lists.debian.org>. (Thu, 06 Jul 2017 20:42:05 GMT)


Message #5 received at submit@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: xorg-server: CVE-2017-10971 CVE-2017-10972
Date: Thu, 06 Jul 2017 22:38:42 +0200
Source: xorg-server
Version: 2:1.16.4-1
Severity: grave
Tags: upstream patch security
Justification: user security hole

Hi,

the following vulnerabilities were published for xorg-server, filing
the bug to track it in the BTS.

CVE-2017-10971[0]:
| In the X.Org X server before 2017-06-19, a user authenticated to an X
| Session could crash or execute code in the context of the X Server by
| exploiting a stack overflow in the endianness conversion of X Events.

CVE-2017-10972[1]:
| Uninitialized data in endianness conversion in the XEvent handling of
| the X.Org X Server before 2017-06-19 allowed authenticated malicious
| users to access potentially privileged data from the X server.

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-10971
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10971
[1] https://security-tracker.debian.org/tracker/CVE-2017-10972
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10972
[2] https://bugzilla.suse.com/show_bug.cgi?id=1035283

Could you please check back with team@s.d.o if those warrant a DSA.

Regards,
Salvatore



Added tag(s) fixed-upstream. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Thu, 06 Jul 2017 20:48:03 GMT)


Reply sent to Julien Cristau <jcristau@debian.org>:
You have taken responsibility. (Fri, 07 Jul 2017 06:06:04 GMT)


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Fri, 07 Jul 2017 06:06:04 GMT)


Message #12 received at 867492-close@bugs.debian.org:

From: Julien Cristau <jcristau@debian.org>
To: 867492-close@bugs.debian.org
Subject: Bug#867492: fixed in xorg-server 2:1.19.3-2
Date: Fri, 07 Jul 2017 06:04:14 +0000
Source: xorg-server
Source-Version: 2:1.19.3-2

We believe that the bug you reported is fixed in the latest version of
xorg-server, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 867492@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Julien Cristau <jcristau@debian.org> (supplier of updated xorg-server package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 07 Jul 2017 07:31:11 +0200
Source: xorg-server
Binary: xserver-xorg-core xserver-xorg-core-udeb xserver-xorg-dev xdmx xdmx-tools xnest xvfb xserver-xephyr xserver-common xorg-server-source xwayland xserver-xorg-legacy
Architecture: source
Version: 2:1.19.3-2
Distribution: unstable
Urgency: high
Maintainer: Debian X Strike Force <debian-x@lists.debian.org>
Changed-By: Julien Cristau <jcristau@debian.org>
Description:
 xdmx       - distributed multihead X server
 xdmx-tools - Distributed Multihead X tools
 xnest      - Nested X server
 xorg-server-source - Xorg X server - source files
 xserver-common - common files used by various X servers
 xserver-xephyr - nested X server
 xserver-xorg-core - Xorg X server - core server
 xserver-xorg-core-udeb - Xorg X server - core server (udeb)
 xserver-xorg-dev - Xorg X server - development files
 xserver-xorg-legacy - setuid root Xorg server wrapper
 xvfb       - Virtual Framebuffer 'fake' X server
 xwayland   - Xwayland X server
Closes: 867492
Changes:
 xorg-server (2:1.19.3-2) unstable; urgency=high
 .
   * CVE-2017-10972: information leak out of the X server due to an
     uninitialized stack area when swapping:
     - Xi: Zero target buffer in SProcXSendExtensionEvent
   * CVE-2017-10971: stack overflow due to missing GenericEvent handling in
     XSendEvent:
     - dix: Disallow GenericEvent in SendEvent request
     - Xi: Verify all events in ProcXSendExtensionEvent
     - Xi: Do not try to swap GenericEvent
   * With both those fixes, this closes: #867492
Checksums-Sha1:
 7e66cc3ec78d67e7776e44db1505d7f7d90bbeb8 4815 xorg-server_1.19.3-2.dsc
 bc90bf9b9bef5e1583c53dd72fd39f062c5404f7 139662 xorg-server_1.19.3-2.diff.gz
Checksums-Sha256:
 b12e94496dd2cb00d75170be13276dd29361ef8f9dd5f4b918db636476355e63 4815 xorg-server_1.19.3-2.dsc
 743dca1680e454b2e166fdd2a5e36ca09145bbbd939503b791c74914eeb4603f 139662 xorg-server_1.19.3-2.diff.gz
Files:
 9b309c48911de10dab1277c4871e237d 4815 x11 optional xorg-server_1.19.3-2.dsc
 06ac8bd9d48e85ed53c7d75b9ee171ae 139662 x11 optional xorg-server_1.19.3-2.diff.gz

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
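The changelog in the message above names the two fix patterns: zero the target buffer before endianness-swapping an event (CVE-2017-10972), and refuse GenericEvent, the one variable-length event type, in the fixed-size SendEvent path (CVE-2017-10971). The C program below is an added, constructed illustration of that bug class and its fix; it is not xorg-server code, and its `xevent_t` layout, function names, the type-2 sample event and the 0xAA poison pattern are assumptions made for the example. The only X11 facts it borrows are the 32-byte fixed event size and the GenericEvent type code 35.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed illustration of the CVE-2017-10971/10972 bug class; NOT xorg-server code.
 * Core X11 events are a fixed 32 bytes on the wire; GenericEvent (type 35) is the
 * variable-length exception and must never be treated as a 32-byte record. */
#define X_EVENT_SIZE   32
#define GENERIC_EVENT  35

/* Simplified wire event (assumed layout): a common header plus a per-type payload. */
typedef struct {
    uint8_t  type;
    uint8_t  detail;
    uint16_t sequence;
    uint32_t time;
    uint8_t  payload[24];   /* which bytes are meaningful depends on `type` */
} xevent_t;
_Static_assert(sizeof(xevent_t) == X_EVENT_SIZE, "event must be exactly 32 bytes");

static uint16_t swap16(uint16_t v) { return (uint16_t)((v << 8) | (v >> 8)); }
static uint32_t swap32(uint32_t v)
{
    return (v << 24) | ((v & 0x0000FF00u) << 8) | ((v & 0x00FF0000u) >> 8) | (v >> 24);
}

/* "Before": swap only the header fields into a caller-supplied target without
 * clearing it. Payload bytes this type does not define keep whatever `to` already
 * held; on a real server that is stale stack memory, and all 32 bytes are then
 * sent to the client (the information leak of CVE-2017-10972). */
static void swap_event_unsafe(const xevent_t *from, xevent_t *to)
{
    to->type     = from->type;
    to->detail   = from->detail;
    to->sequence = swap16(from->sequence);
    to->time     = swap32(from->time);
    /* per-type payload swapping omitted: this sample type defines no extra fields */
}

/* "After": reject event types whose wire form is not a fixed 32-byte record,
 * and zero the target before filling it so undefined bytes are 0, not stale. */
static bool swap_event_safe(const xevent_t *from, xevent_t *to)
{
    if (from->type == GENERIC_EVENT)
        return false;                 /* variable length: not valid in this path */
    memset(to, 0, sizeof *to);
    to->type     = from->type;
    to->detail   = from->detail;
    to->sequence = swap16(from->sequence);
    to->time     = swap32(from->time);
    return true;
}

/* Count bytes of `ev` still holding the poison value written before the swap,
 * i.e. bytes the swap never defined and that would leave the process as-is. */
static size_t count_undefined_bytes(const xevent_t *ev, uint8_t poison)
{
    const uint8_t *p = (const uint8_t *)ev;
    size_t n = 0;
    for (size_t i = 0; i < sizeof *ev; i++)
        if (p[i] == poison) n++;
    return n;
}

/* Simulate a stale stack frame by poisoning the target with 0xAA, then swap a
 * header-only sample event (type 2, values constructed for the example). */
static size_t leaked_bytes_unsafe(void)
{
    xevent_t src = { .type = 2, .detail = 1, .sequence = 0x0102, .time = 0x01020304 };
    xevent_t dst;
    memset(&dst, 0xAA, sizeof dst);
    swap_event_unsafe(&src, &dst);
    return count_undefined_bytes(&dst, 0xAA);   /* 24: the whole payload leaks */
}

static size_t leaked_bytes_safe(void)
{
    xevent_t src = { .type = 2, .detail = 1, .sequence = 0x0102, .time = 0x01020304 };
    xevent_t dst;
    memset(&dst, 0xAA, sizeof dst);
    if (!swap_event_safe(&src, &dst))
        return (size_t)-1;
    return count_undefined_bytes(&dst, 0xAA);   /* 0 */
}

static bool safe_path_rejects_generic_event(void)
{
    xevent_t src = { .type = GENERIC_EVENT };
    xevent_t dst;
    return !swap_event_safe(&src, &dst);
}

int main(void)
{
    printf("unsafe swap leaves %zu undefined bytes\n", leaked_bytes_unsafe());
    printf("safe swap leaves %zu undefined bytes\n", leaked_bytes_safe());
    printf("safe path rejects GenericEvent: %s\n",
           safe_path_rejects_generic_event() ? "yes" : "no");
    return 0;
}
```

The poison byte makes the leak measurable without a debugger: every byte the swap routine did not write is still 0xAA afterwards, which is exactly the data a client would receive from the unpatched path. The same memset-before-fill discipline applies to any handler that builds a fixed-size reply from a partially populated struct.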




Reply sent to Salvatore Bonaccorso <carnil@debian.org>:
You have taken responsibility. (Sat, 15 Jul 2017 21:06:03 GMT)


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Sat, 15 Jul 2017 21:06:03 GMT)


Message #17 received at 867492-close@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: 867492-close@bugs.debian.org
Subject: Bug#867492: fixed in xorg-server 2:1.19.2-1+deb9u1
Date: Sat, 15 Jul 2017 21:02:18 +0000
Source: xorg-server
Source-Version: 2:1.19.2-1+deb9u1

We believe that the bug you reported is fixed in the latest version of
xorg-server, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 867492@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <carnil@debian.org> (supplier of updated xorg-server package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 07 Jul 2017 07:09:57 +0200
Source: xorg-server
Binary: xserver-xorg-core xserver-xorg-core-udeb xserver-xorg-dev xdmx xdmx-tools xnest xvfb xserver-xephyr xserver-common xorg-server-source xwayland xserver-xorg-legacy
Architecture: source
Version: 2:1.19.2-1+deb9u1
Distribution: stretch-security
Urgency: high
Maintainer: Debian X Strike Force <debian-x@lists.debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Closes: 867492
Description: 
 xdmx       - distributed multihead X server
 xdmx-tools - Distributed Multihead X tools
 xnest      - Nested X server
 xorg-server-source - Xorg X server - source files
 xserver-common - common files used by various X servers
 xserver-xephyr - nested X server
 xserver-xorg-core - Xorg X server - core server
 xserver-xorg-core-udeb - Xorg X server - core server (udeb)
 xserver-xorg-dev - Xorg X server - development files
 xserver-xorg-legacy - setuid root Xorg server wrapper
 xvfb       - Virtual Framebuffer 'fake' X server
 xwayland   - Xwayland X server
Changes:
 xorg-server (2:1.19.2-1+deb9u1) stretch-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * CVE-2017-10971: stack buffer overflow in X Event structures handling
     (Closes: #867492)
   * CVE-2017-10972: information leak due to an uninitialized stack area when
     swapping endianness.
     (Closes: #867492)
Package-Type: udeb
Checksums-Sha1: 
 ea4dca71ed8a1884545f5b1731f328849791de18 4998 xorg-server_1.19.2-1+deb9u1.dsc
 3648335593b9d267e44737b89694d38b99e3aee4 8321615 xorg-server_1.19.2.orig.tar.gz
 2c0650cf7a648d1639e0dd2292393c05d92b6a0c 140641 xorg-server_1.19.2-1+deb9u1.diff.gz
Checksums-Sha256: 
 ad0d88dc1374aaa736e85b2d1f1495c95d5d8d48ab37ffd9a8e6bd2b80fb16f2 4998 xorg-server_1.19.2-1+deb9u1.dsc
 191d91d02c059c66747635e145c30bc1004e703fe3b74439e26c0d05d5c4d28b 8321615 xorg-server_1.19.2.orig.tar.gz
 0e309c92c661fc7e90beff5da2a9dca418ac6c618f9892f923ca1a237f38d941 140641 xorg-server_1.19.2-1+deb9u1.diff.gz
Files: 
 cee7d7b9295a67b197cd1f8ee9886ece 4998 x11 optional xorg-server_1.19.2-1+deb9u1.dsc
 dfa411de6ce6fe35128d3b2e06941135 8321615 x11 optional xorg-server_1.19.2.orig.tar.gz
 3fdaa3df20863f0181682f35b00417c2 140641 x11 optional xorg-server_1.19.2-1+deb9u1.diff.gz

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 13 Aug 2017 07:30:24 GMT)



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 13:17:38 2019; Machine Name: buxtehude

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.