Jump to content
Compatible Support Forums
Sign in to follow this  
news

[slackware-security] xorg-server (SSA:2017-227-01)

Recommended Posts

 

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1

 

[slackware-security] xorg-server (SSA:2017-227-01)

 

New xorg-server packages are available for Slackware 13.0, 13.1, 13.37, 14.0,

14.1, 14.2, and -current to fix security issues.

 

 

Here are the details from the Slackware 14.2 ChangeLog:

+--------------------------+

patches/packages/xorg-server-1.18.3-i586-3_slack14.2.txz: Rebuilt.

This update fixes two security issues:

A user authenticated to an X Session could crash or execute code in the

context of the X Server by exploiting a stack overflow in the endianness

conversion of X Events.

Uninitialized data in endianness conversion in the XEvent handling of the

X.Org X Server allowed authenticated malicious users to access potentially

privileged data from the X server.

For more information, see:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10971

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10972

(* Security fix *)

patches/packages/xorg-server-xephyr-1.18.3-i586-3_slack14.2.txz: Rebuilt.

patches/packages/xorg-server-xnest-1.18.3-i586-3_slack14.2.txz: Rebuilt.

patches/packages/xorg-server-xvfb-1.18.3-i586-3_slack14.2.txz: Rebuilt.

+--------------------------+

 

 

Where to find the new packages:

+-----------------------------+

 

Thanks to the friendly folks at the OSU Open Source Lab

(http://osuosl.org) for donating FTP and rsync hosting

to the Slackware project! :-)

 

Also see the "Get Slack" section on http://slackware.com for

additional mirror sites near you.

 

Updated packages for Slackware 13.0:

ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/xorg-server-1.6.3-i486-4_slack13.0.txz

ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/xorg-server-xephyr-1.6.3-i486-4_slack13.0.txz

ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/xorg-server-xnest-1.6.3-i486-4_slack13.0.txz

ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/xorg-server-xvfb-1.6.3-i486-4_slack13.0.txz

 

Updated packages for Slackware x86_64 13.0:

ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/xorg-server-1.6.3-x86_64-4_slack13.0.txz

ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/xorg-server-xephyr-1.6.3-x86_64-4_slack13.0.txz

ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/xorg-server-xnest-1.6.3-x86_64-4_slack13.0.txz

ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/xorg-server-xvfb-1.6.3-x86_64-4_slack13.0.txz

 

Updated packages for Slackware 13.1:

ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/xorg-server-1.7.7-i486-4_slack13.1.txz

ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/xorg-server-xephyr-1.7.7-i486-4_slack13.1.txz

ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/xorg-server-xnest-1.7.7-i486-4_slack13.1.txz

ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/xorg-server-xvfb-1.7.7-i486-4_slack13.1.txz

 

Updated packages for Slackware x86_64 13.1:

ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/xorg-server-1.7.7-x86_64-4_slack13.1.txz

ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/xorg-server-xephyr-1.7.7-x86_64-4_slack13.1.txz

ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/xorg-server-xnest-1.7.7-x86_64-4_slack13.1.txz

ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/xorg-server-xvfb-1.7.7-x86_64-4_slack13.1.txz

 

Updated packages for Slackware 13.37:

ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/xorg-server-1.9.5-i486-4_slack13.37.txz

ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/xorg-server-xephyr-1.9.5-i486-4_slack13.37.txz

ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/xorg-server-xnest-1.9.5-i486-4_slack13.37.txz

ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/xorg-server-xvfb-1.9.5-i486-4_slack13.37.txz

 

Updated packages for Slackware x86_64 13.37:

ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/xorg-server-1.9.5-x86_64-4_slack13.37.txz

ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/xorg-server-xephyr-1.9.5-x86_64-4_slack13.37.txz

ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/xorg-server-xnest-1.9.5-x86_64-4_slack13.37.txz

ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/xorg-server-xvfb-1.9.5-x86_64-4_slack13.37.txz

 

Updated packages for Slackware 14.0:

ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/xorg-server-1.12.4-i486-3_slack14.0.txz

ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/xorg-server-xephyr-1.12.4-i486-3_slack14.0.txz

ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/xorg-server-xnest-1.12.4-i486-3_slack14.0.txz

ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/xorg-server-xvfb-1.12.4-i486-3_slack14.0.txz

 

Updated packages for Slackware x86_64 14.0:

ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/xorg-server-1.12.4-x86_64-3_slack14.0.txz

ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/xorg-server-xephyr-1.12.4-x86_64-3_slack14.0.txz

ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/xorg-server-xnest-1.12.4-x86_64-3_slack14.0.txz

ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/xorg-server-xvfb-1.12.4-x86_64-3_slack14.0.txz

 

Updated packages for Slackware 14.1:

ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/xorg-server-1.14.3-i486-4_slack14.1.txz

ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/xorg-server-xephyr-1.14.3-i486-4_slack14.1.txz

ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/xorg-server-xnest-1.14.3-i486-4_slack14.1.txz

ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/xorg-server-xvfb-1.14.3-i486-4_slack14.1.txz

 

Updated packages for Slackware x86_64 14.1:

ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/xorg-server-1.14.3-x86_64-4_slack14.1.txz

ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/xorg-server-xephyr-1.14.3-x86_64-4_slack14.1.txz

ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/xorg-server-xnest-1.14.3-x86_64-4_slack14.1.txz

ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/xorg-server-xvfb-1.14.3-x86_64-4_slack14.1.txz

 

Updated packages for Slackware 14.2:

ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/xorg-server-1.18.3-i586-3_slack14.2.txz

ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/xorg-server-xephyr-1.18.3-i586-3_slack14.2.txz

ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/xorg-server-xnest-1.18.3-i586-3_slack14.2.txz

ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/xorg-server-xvfb-1.18.3-i586-3_slack14.2.txz

 

Updated packages for Slackware x86_64 14.2:

ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/xorg-server-1.18.3-x86_64-3_slack14.2.txz

ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/xorg-server-xephyr-1.18.3-x86_64-3_slack14.2.txz

ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/xorg-server-xnest-1.18.3-x86_64-3_slack14.2.txz

ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/xorg-server-xvfb-1.18.3-x86_64-3_slack14.2.txz

 

Updated packages for Slackware -current:

ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/x/xorg-server-1.19.3-i586-2.txz

ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/x/xorg-server-xephyr-1.19.3-i586-2.txz

ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/x/xorg-server-xnest-1.19.3-i586-2.txz

ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/x/xorg-server-xvfb-1.19.3-i586-2.txz

 

Updated packages for Slackware x86_64 -current:

ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/x/xorg-server-1.19.3-x86_64-2.txz

ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/x/xorg-server-xephyr-1.19.3-x86_64-2.txz

ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/x/xorg-server-xnest-1.19.3-x86_64-2.txz

ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/x/xorg-server-xvfb-1.19.3-x86_64-2.txz

 

 

MD5 signatures:

+-------------+

 

Slackware 13.0 packages:

86275ce224cc6b605cd48e265f7b3431 xorg-server-1.6.3-i486-4_slack13.0.txz

09e08405768eaf3c7d9fa7483e3645ec xorg-server-xephyr-1.6.3-i486-4_slack13.0.txz

000e88cd1d2a651a2469151b6f6792cd xorg-server-xnest-1.6.3-i486-4_slack13.0.txz

ead15ed6cd55bd4b3d66dcf55902f156 xorg-server-xvfb-1.6.3-i486-4_slack13.0.txz

 

Slackware x86_64 13.0 packages:

aaba854c38f7059a9c5f4811fc87356b xorg-server-1.6.3-x86_64-4_slack13.0.txz

09c25303eb9d9ca066fc2a26d617ed22 xorg-server-xephyr-1.6.3-x86_64-4_slack13.0.txz

37a856e4f5642946a1ecbeebf5f5df46 xorg-server-xnest-1.6.3-x86_64-4_slack13.0.txz

9368c95fa1271c2bac3ea25539d005f3 xorg-server-xvfb-1.6.3-x86_64-4_slack13.0.txz

 

Slackware 13.1 packages:

c892f89f02f7561fed97f7358cd4c956 xorg-server-1.7.7-i486-4_slack13.1.txz

f8dc5a4d3fd03ceb5f7453c1fc90b9bd xorg-server-xephyr-1.7.7-i486-4_slack13.1.txz

029ab43b662196f6d051332343275ad4 xorg-server-xnest-1.7.7-i486-4_slack13.1.txz

c06a34fa65acff4801d9cc0de19a47a8 xorg-server-xvfb-1.7.7-i486-4_slack13.1.txz

 

Slackware x86_64 13.1 packages:

c6b1665a39ad87e0e092c3210d159b34 xorg-server-1.7.7-x86_64-4_slack13.1.txz

755050374c936ced68848097fbacaf44 xorg-server-xephyr-1.7.7-x86_64-4_slack13.1.txz

348eab0e16fdbf55730e5e052849e399 xorg-server-xnest-1.7.7-x86_64-4_slack13.1.txz

e478efdc4209d9cb056fce65cf9d7b27 xorg-server-xvfb-1.7.7-x86_64-4_slack13.1.txz

 

Slackware 13.37 packages:

7d74fae08b08419ecb8d103c45620321 xorg-server-1.9.5-i486-4_slack13.37.txz

76e400a6b2cc65d5f2366da70644c5fb xorg-server-xephyr-1.9.5-i486-4_slack13.37.txz

80b0fe9ed222ad834a17b69e17ba91a9 xorg-server-xnest-1.9.5-i486-4_slack13.37.txz

bd65bda294e5d883a395afa51ab9b754 xorg-server-xvfb-1.9.5-i486-4_slack13.37.txz

 

Slackware x86_64 13.37 packages:

e331047bb1428f32cc38d2f1e28f71b4 xorg-server-1.9.5-x86_64-4_slack13.37.txz

961812b1733ed1ac152b6e6ab8c66499 xorg-server-xephyr-1.9.5-x86_64-4_slack13.37.txz

ab7433d9233f843c6bbccd4f00e3cdde xorg-server-xnest-1.9.5-x86_64-4_slack13.37.txz

a754270b3a41beed70c8dfc6c69d3970 xorg-server-xvfb-1.9.5-x86_64-4_slack13.37.txz

 

Slackware 14.0 packages:

61be1d15444a5f7c44cc3eb85269ccd9 xorg-server-1.12.4-i486-3_slack14.0.txz

ab80d7a22de7606800cf6569d4695d5b xorg-server-xephyr-1.12.4-i486-3_slack14.0.txz

58e97ad8e541731e7cd4ff21d8fa0522 xorg-server-xnest-1.12.4-i486-3_slack14.0.txz

a238fd09707afc39d8ce49386b359fc9 xorg-server-xvfb-1.12.4-i486-3_slack14.0.txz

 

Slackware x86_64 14.0 packages:

fa2ebac60bf90265a9b68259e563c329 xorg-server-1.12.4-x86_64-3_slack14.0.txz

b2d68e907981ba071cd218e7158a974b xorg-server-xephyr-1.12.4-x86_64-3_slack14.0.txz

742974e60afd5c4342c993bc3694b18d xorg-server-xnest-1.12.4-x86_64-3_slack14.0.txz

6b5ce7aa0445ada3ba1e92a9081c57e0 xorg-server-xvfb-1.12.4-x86_64-3_slack14.0.txz

 

Slackware 14.1 packages:

09ab341882ee152edd38a9cff87aa3e5 xorg-server-1.14.3-i486-4_slack14.1.txz

88331b2e020467180ac48f58d8760716 xorg-server-xephyr-1.14.3-i486-4_slack14.1.txz

05b3987f24334485feeec64ab0ea15ed xorg-server-xnest-1.14.3-i486-4_slack14.1.txz

ed4af26a340db3b1ad3544905e7cccba xorg-server-xvfb-1.14.3-i486-4_slack14.1.txz

 

Slackware x86_64 14.1 packages:

1d10548567dbd16d22db20910f8e97fa xorg-server-1.14.3-x86_64-4_slack14.1.txz

6440fab1b258eddd3c6425fd5e7a3d9e xorg-server-xephyr-1.14.3-x86_64-4_slack14.1.txz

5c336b83dca66baf0a1e3438da5a1955 xorg-server-xnest-1.14.3-x86_64-4_slack14.1.txz

1f5140f0ea717fb53785f83e0e43eb98 xorg-server-xvfb-1.14.3-x86_64-4_slack14.1.txz

 

Slackware 14.2 packages:

1bc5d7586c9531815d33ef714cc52e2b xorg-server-1.18.3-i586-3_slack14.2.txz

47ca0a793625e08bd6dc55310561ab68 xorg-server-xephyr-1.18.3-i586-3_slack14.2.txz

4408fd987a6f20d24c82bdb0fa5e47c2 xorg-server-xnest-1.18.3-i586-3_slack14.2.txz

5f636be733db15fbd8242585fee74500 xorg-server-xvfb-1.18.3-i586-3_slack14.2.txz

 

Slackware x86_64 14.2 packages:

852a94da7873a3634b540c1436e63e9d xorg-server-1.18.3-x86_64-3_slack14.2.txz

3eadfffee3a9749b26a74c4efe67d83e xorg-server-xephyr-1.18.3-x86_64-3_slack14.2.txz

e9364a469b7ea00cbc9b6723201e8039 xorg-server-xnest-1.18.3-x86_64-3_slack14.2.txz

6c2d01bbf136cdef4549a2b856fd01ca xorg-server-xvfb-1.18.3-x86_64-3_slack14.2.txz

 

Slackware -current packages:

190b901651bfc22666836632e390fe94 x/xorg-server-1.19.3-i586-2.txz

6c991c9a7b4c96557b1ef3965ad4a18a x/xorg-server-xephyr-1.19.3-i586-2.txz

e398ad8306d65105c1c2206782ff5cb2 x/xorg-server-xnest-1.19.3-i586-2.txz

3726206c8e2f11086145dbb9b14b1f6c x/xorg-server-xvfb-1.19.3-i586-2.txz

 

Slackware x86_64 -current packages:

08857b3f3fc3e4e9d936f8129bb431b8 x/xorg-server-1.19.3-x86_64-2.txz

c3121263fbff67c0012417a96700d6c5 x/xorg-server-xephyr-1.19.3-x86_64-2.txz

3775079d48f00753ebb01f1bfa8b1a62 x/xorg-server-xnest-1.19.3-x86_64-2.txz

c3f783bce65bd1cfa1859e7d3b105d53 x/xorg-server-xvfb-1.19.3-x86_64-2.txz

 

 

Installation instructions:

+------------------------+

 

Upgrade the packages as root:

# upgradepkg xorg-server-*.txz

 

 

+-----+

 

Slackware Linux Security Team

http://slackware.com/gpg-key

security ( -at -) slackware.com

 

+------------------------------------------------------------------------+

 

Share this post


Link to post

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
Sign in to follow this  

×