news 28 Posted August 16, 2017 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] xorg-server (SSA:2017-227-01) New xorg-server packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/xorg-server-1.18.3-i586-3_slack14.2.txz: Rebuilt. This update fixes two security issues: A user authenticated to an X Session could crash or execute code in the context of the X Server by exploiting a stack overflow in the endianness conversion of X Events. Uninitialized data in endianness conversion in the XEvent handling of the X.Org X Server allowed authenticated malicious users to access potentially privileged data from the X server. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10971 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10972 (* Security fix *) patches/packages/xorg-server-xephyr-1.18.3-i586-3_slack14.2.txz: Rebuilt. patches/packages/xorg-server-xnest-1.18.3-i586-3_slack14.2.txz: Rebuilt. patches/packages/xorg-server-xvfb-1.18.3-i586-3_slack14.2.txz: Rebuilt. +--------------------------+ Where to find the new packages: +-----------------------------+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated packages for Slackware 13.0: ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/xorg-server-1.6.3-i486-4_slack13.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/xorg-server-xephyr-1.6.3-i486-4_slack13.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/xorg-server-xnest-1.6.3-i486-4_slack13.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/xorg-server-xvfb-1.6.3-i486-4_slack13.0.txz Updated packages for Slackware x86_64 13.0: ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/xorg-server-1.6.3-x86_64-4_slack13.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/xorg-server-xephyr-1.6.3-x86_64-4_slack13.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/xorg-server-xnest-1.6.3-x86_64-4_slack13.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/xorg-server-xvfb-1.6.3-x86_64-4_slack13.0.txz Updated packages for Slackware 13.1: ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/xorg-server-1.7.7-i486-4_slack13.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/xorg-server-xephyr-1.7.7-i486-4_slack13.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/xorg-server-xnest-1.7.7-i486-4_slack13.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/xorg-server-xvfb-1.7.7-i486-4_slack13.1.txz Updated packages for Slackware x86_64 13.1: ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/xorg-server-1.7.7-x86_64-4_slack13.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/xorg-server-xephyr-1.7.7-x86_64-4_slack13.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/xorg-server-xnest-1.7.7-x86_64-4_slack13.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/xorg-server-xvfb-1.7.7-x86_64-4_slack13.1.txz Updated packages for Slackware 13.37: ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/xorg-server-1.9.5-i486-4_slack13.37.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/xorg-server-xephyr-1.9.5-i486-4_slack13.37.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/xorg-server-xnest-1.9.5-i486-4_slack13.37.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/xorg-server-xvfb-1.9.5-i486-4_slack13.37.txz Updated packages for Slackware x86_64 13.37: ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/xorg-server-1.9.5-x86_64-4_slack13.37.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/xorg-server-xephyr-1.9.5-x86_64-4_slack13.37.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/xorg-server-xnest-1.9.5-x86_64-4_slack13.37.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/xorg-server-xvfb-1.9.5-x86_64-4_slack13.37.txz Updated packages for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/xorg-server-1.12.4-i486-3_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/xorg-server-xephyr-1.12.4-i486-3_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/xorg-server-xnest-1.12.4-i486-3_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/xorg-server-xvfb-1.12.4-i486-3_slack14.0.txz Updated packages for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/xorg-server-1.12.4-x86_64-3_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/xorg-server-xephyr-1.12.4-x86_64-3_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/xorg-server-xnest-1.12.4-x86_64-3_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/xorg-server-xvfb-1.12.4-x86_64-3_slack14.0.txz Updated packages for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/xorg-server-1.14.3-i486-4_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/xorg-server-xephyr-1.14.3-i486-4_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/xorg-server-xnest-1.14.3-i486-4_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/xorg-server-xvfb-1.14.3-i486-4_slack14.1.txz Updated packages for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/xorg-server-1.14.3-x86_64-4_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/xorg-server-xephyr-1.14.3-x86_64-4_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/xorg-server-xnest-1.14.3-x86_64-4_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/xorg-server-xvfb-1.14.3-x86_64-4_slack14.1.txz Updated packages for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/xorg-server-1.18.3-i586-3_slack14.2.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/xorg-server-xephyr-1.18.3-i586-3_slack14.2.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/xorg-server-xnest-1.18.3-i586-3_slack14.2.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/xorg-server-xvfb-1.18.3-i586-3_slack14.2.txz Updated packages for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/xorg-server-1.18.3-x86_64-3_slack14.2.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/xorg-server-xephyr-1.18.3-x86_64-3_slack14.2.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/xorg-server-xnest-1.18.3-x86_64-3_slack14.2.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/xorg-server-xvfb-1.18.3-x86_64-3_slack14.2.txz Updated packages for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/x/xorg-server-1.19.3-i586-2.txz ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/x/xorg-server-xephyr-1.19.3-i586-2.txz ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/x/xorg-server-xnest-1.19.3-i586-2.txz ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/x/xorg-server-xvfb-1.19.3-i586-2.txz Updated packages for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/x/xorg-server-1.19.3-x86_64-2.txz ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/x/xorg-server-xephyr-1.19.3-x86_64-2.txz ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/x/xorg-server-xnest-1.19.3-x86_64-2.txz ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/x/xorg-server-xvfb-1.19.3-x86_64-2.txz MD5 signatures: +-------------+ Slackware 13.0 packages: 86275ce224cc6b605cd48e265f7b3431 xorg-server-1.6.3-i486-4_slack13.0.txz 09e08405768eaf3c7d9fa7483e3645ec xorg-server-xephyr-1.6.3-i486-4_slack13.0.txz 000e88cd1d2a651a2469151b6f6792cd xorg-server-xnest-1.6.3-i486-4_slack13.0.txz ead15ed6cd55bd4b3d66dcf55902f156 xorg-server-xvfb-1.6.3-i486-4_slack13.0.txz Slackware x86_64 13.0 packages: aaba854c38f7059a9c5f4811fc87356b xorg-server-1.6.3-x86_64-4_slack13.0.txz 09c25303eb9d9ca066fc2a26d617ed22 xorg-server-xephyr-1.6.3-x86_64-4_slack13.0.txz 37a856e4f5642946a1ecbeebf5f5df46 xorg-server-xnest-1.6.3-x86_64-4_slack13.0.txz 9368c95fa1271c2bac3ea25539d005f3 xorg-server-xvfb-1.6.3-x86_64-4_slack13.0.txz Slackware 13.1 packages: c892f89f02f7561fed97f7358cd4c956 xorg-server-1.7.7-i486-4_slack13.1.txz f8dc5a4d3fd03ceb5f7453c1fc90b9bd xorg-server-xephyr-1.7.7-i486-4_slack13.1.txz 029ab43b662196f6d051332343275ad4 xorg-server-xnest-1.7.7-i486-4_slack13.1.txz c06a34fa65acff4801d9cc0de19a47a8 xorg-server-xvfb-1.7.7-i486-4_slack13.1.txz Slackware x86_64 13.1 packages: c6b1665a39ad87e0e092c3210d159b34 xorg-server-1.7.7-x86_64-4_slack13.1.txz 755050374c936ced68848097fbacaf44 xorg-server-xephyr-1.7.7-x86_64-4_slack13.1.txz 348eab0e16fdbf55730e5e052849e399 xorg-server-xnest-1.7.7-x86_64-4_slack13.1.txz e478efdc4209d9cb056fce65cf9d7b27 xorg-server-xvfb-1.7.7-x86_64-4_slack13.1.txz Slackware 13.37 packages: 7d74fae08b08419ecb8d103c45620321 xorg-server-1.9.5-i486-4_slack13.37.txz 76e400a6b2cc65d5f2366da70644c5fb xorg-server-xephyr-1.9.5-i486-4_slack13.37.txz 80b0fe9ed222ad834a17b69e17ba91a9 xorg-server-xnest-1.9.5-i486-4_slack13.37.txz bd65bda294e5d883a395afa51ab9b754 xorg-server-xvfb-1.9.5-i486-4_slack13.37.txz Slackware x86_64 13.37 packages: e331047bb1428f32cc38d2f1e28f71b4 xorg-server-1.9.5-x86_64-4_slack13.37.txz 961812b1733ed1ac152b6e6ab8c66499 xorg-server-xephyr-1.9.5-x86_64-4_slack13.37.txz ab7433d9233f843c6bbccd4f00e3cdde xorg-server-xnest-1.9.5-x86_64-4_slack13.37.txz a754270b3a41beed70c8dfc6c69d3970 xorg-server-xvfb-1.9.5-x86_64-4_slack13.37.txz Slackware 14.0 packages: 61be1d15444a5f7c44cc3eb85269ccd9 xorg-server-1.12.4-i486-3_slack14.0.txz ab80d7a22de7606800cf6569d4695d5b xorg-server-xephyr-1.12.4-i486-3_slack14.0.txz 58e97ad8e541731e7cd4ff21d8fa0522 xorg-server-xnest-1.12.4-i486-3_slack14.0.txz a238fd09707afc39d8ce49386b359fc9 xorg-server-xvfb-1.12.4-i486-3_slack14.0.txz Slackware x86_64 14.0 packages: fa2ebac60bf90265a9b68259e563c329 xorg-server-1.12.4-x86_64-3_slack14.0.txz b2d68e907981ba071cd218e7158a974b xorg-server-xephyr-1.12.4-x86_64-3_slack14.0.txz 742974e60afd5c4342c993bc3694b18d xorg-server-xnest-1.12.4-x86_64-3_slack14.0.txz 6b5ce7aa0445ada3ba1e92a9081c57e0 xorg-server-xvfb-1.12.4-x86_64-3_slack14.0.txz Slackware 14.1 packages: 09ab341882ee152edd38a9cff87aa3e5 xorg-server-1.14.3-i486-4_slack14.1.txz 88331b2e020467180ac48f58d8760716 xorg-server-xephyr-1.14.3-i486-4_slack14.1.txz 05b3987f24334485feeec64ab0ea15ed xorg-server-xnest-1.14.3-i486-4_slack14.1.txz ed4af26a340db3b1ad3544905e7cccba xorg-server-xvfb-1.14.3-i486-4_slack14.1.txz Slackware x86_64 14.1 packages: 1d10548567dbd16d22db20910f8e97fa xorg-server-1.14.3-x86_64-4_slack14.1.txz 6440fab1b258eddd3c6425fd5e7a3d9e xorg-server-xephyr-1.14.3-x86_64-4_slack14.1.txz 5c336b83dca66baf0a1e3438da5a1955 xorg-server-xnest-1.14.3-x86_64-4_slack14.1.txz 1f5140f0ea717fb53785f83e0e43eb98 xorg-server-xvfb-1.14.3-x86_64-4_slack14.1.txz Slackware 14.2 packages: 1bc5d7586c9531815d33ef714cc52e2b xorg-server-1.18.3-i586-3_slack14.2.txz 47ca0a793625e08bd6dc55310561ab68 xorg-server-xephyr-1.18.3-i586-3_slack14.2.txz 4408fd987a6f20d24c82bdb0fa5e47c2 xorg-server-xnest-1.18.3-i586-3_slack14.2.txz 5f636be733db15fbd8242585fee74500 xorg-server-xvfb-1.18.3-i586-3_slack14.2.txz Slackware x86_64 14.2 packages: 852a94da7873a3634b540c1436e63e9d xorg-server-1.18.3-x86_64-3_slack14.2.txz 3eadfffee3a9749b26a74c4efe67d83e xorg-server-xephyr-1.18.3-x86_64-3_slack14.2.txz e9364a469b7ea00cbc9b6723201e8039 xorg-server-xnest-1.18.3-x86_64-3_slack14.2.txz 6c2d01bbf136cdef4549a2b856fd01ca xorg-server-xvfb-1.18.3-x86_64-3_slack14.2.txz Slackware -current packages: 190b901651bfc22666836632e390fe94 x/xorg-server-1.19.3-i586-2.txz 6c991c9a7b4c96557b1ef3965ad4a18a x/xorg-server-xephyr-1.19.3-i586-2.txz e398ad8306d65105c1c2206782ff5cb2 x/xorg-server-xnest-1.19.3-i586-2.txz 3726206c8e2f11086145dbb9b14b1f6c x/xorg-server-xvfb-1.19.3-i586-2.txz Slackware x86_64 -current packages: 08857b3f3fc3e4e9d936f8129bb431b8 x/xorg-server-1.19.3-x86_64-2.txz c3121263fbff67c0012417a96700d6c5 x/xorg-server-xephyr-1.19.3-x86_64-2.txz 3775079d48f00753ebb01f1bfa8b1a62 x/xorg-server-xnest-1.19.3-x86_64-2.txz c3f783bce65bd1cfa1859e7d3b105d53 x/xorg-server-xvfb-1.19.3-x86_64-2.txz Installation instructions: +------------------------+ Upgrade the packages as root: # upgradepkg xorg-server-*.txz +-----+ Slackware Linux Security Team http://slackware.com/gpg-key security ( -at -) slackware.com +------------------------------------------------------------------------+ Share this post Link to post