Slackware Security Advisories
Slackware Logo

News

Security Advisories

FAQ

Book

General Info

Get Slack

Install Help

Configuration

Packages

ChangeLogs

Propaganda

Ports

Other Sites

Support

Contact

Mailing Lists

About

 
From: Slackware Security Team <security@slackware.com>
To: slackware-security@slackware.com
Subject: [slackware-security] xorg-server (SSA:2017-227-01)
Date: Tue, 15 Aug 2017 18:43:27 -0700 (PDT)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security]  xorg-server (SSA:2017-227-01)

New xorg-server packages are available for Slackware 13.0, 13.1, 13.37, 14.0,
14.1, 14.2, and -current to fix security issues.


Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/xorg-server-1.18.3-i586-3_slack14.2.txz:  Rebuilt.
  This update fixes two security issues:
  A user authenticated to an X Session could crash or execute code in the
  context of the X Server by exploiting a stack overflow in the endianness
  conversion of X Events.
  Uninitialized data in endianness conversion in the XEvent handling of the
  X.Org X Server allowed authenticated malicious users to access potentially
  privileged data from the X server.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10971
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10972
  (* Security fix *)
patches/packages/xorg-server-xephyr-1.18.3-i586-3_slack14.2.txz:  Rebuilt.
patches/packages/xorg-server-xnest-1.18.3-i586-3_slack14.2.txz:  Rebuilt.
patches/packages/xorg-server-xvfb-1.18.3-i586-3_slack14.2.txz:  Rebuilt.
+--------------------------+


Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project!  :-)

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated packages for Slackware 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/xorg-server-1.6.3-i486-4_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/xorg-server-xephyr-1.6.3-i486-4_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/xorg-server-xnest-1.6.3-i486-4_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/xorg-server-xvfb-1.6.3-i486-4_slack13.0.txz

Updated packages for Slackware x86_64 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/xorg-server-1.6.3-x86_64-4_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/xorg-server-xephyr-1.6.3-x86_64-4_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/xorg-server-xnest-1.6.3-x86_64-4_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/xorg-server-xvfb-1.6.3-x86_64-4_slack13.0.txz

Updated packages for Slackware 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/xorg-server-1.7.7-i486-4_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/xorg-server-xephyr-1.7.7-i486-4_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/xorg-server-xnest-1.7.7-i486-4_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/xorg-server-xvfb-1.7.7-i486-4_slack13.1.txz

Updated packages for Slackware x86_64 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/xorg-server-1.7.7-x86_64-4_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/xorg-server-xephyr-1.7.7-x86_64-4_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/xorg-server-xnest-1.7.7-x86_64-4_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/xorg-server-xvfb-1.7.7-x86_64-4_slack13.1.txz

Updated packages for Slackware 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/xorg-server-1.9.5-i486-4_slack13.37.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/xorg-server-xephyr-1.9.5-i486-4_slack13.37.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/xorg-server-xnest-1.9.5-i486-4_slack13.37.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/xorg-server-xvfb-1.9.5-i486-4_slack13.37.txz

Updated packages for Slackware x86_64 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/xorg-server-1.9.5-x86_64-4_slack13.37.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/xorg-server-xephyr-1.9.5-x86_64-4_slack13.37.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/xorg-server-xnest-1.9.5-x86_64-4_slack13.37.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/xorg-server-xvfb-1.9.5-x86_64-4_slack13.37.txz

Updated packages for Slackware 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/xorg-server-1.12.4-i486-3_slack14.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/xorg-server-xephyr-1.12.4-i486-3_slack14.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/xorg-server-xnest-1.12.4-i486-3_slack14.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/xorg-server-xvfb-1.12.4-i486-3_slack14.0.txz

Updated packages for Slackware x86_64 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/xorg-server-1.12.4-x86_64-3_slack14.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/xorg-server-xephyr-1.12.4-x86_64-3_slack14.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/xorg-server-xnest-1.12.4-x86_64-3_slack14.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/xorg-server-xvfb-1.12.4-x86_64-3_slack14.0.txz

Updated packages for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/xorg-server-1.14.3-i486-4_slack14.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/xorg-server-xephyr-1.14.3-i486-4_slack14.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/xorg-server-xnest-1.14.3-i486-4_slack14.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/xorg-server-xvfb-1.14.3-i486-4_slack14.1.txz

Updated packages for Slackware x86_64 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/xorg-server-1.14.3-x86_64-4_slack14.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/xorg-server-xephyr-1.14.3-x86_64-4_slack14.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/xorg-server-xnest-1.14.3-x86_64-4_slack14.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/xorg-server-xvfb-1.14.3-x86_64-4_slack14.1.txz

Updated packages for Slackware 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/xorg-server-1.18.3-i586-3_slack14.2.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/xorg-server-xephyr-1.18.3-i586-3_slack14.2.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/xorg-server-xnest-1.18.3-i586-3_slack14.2.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/xorg-server-xvfb-1.18.3-i586-3_slack14.2.txz

Updated packages for Slackware x86_64 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/xorg-server-1.18.3-x86_64-3_slack14.2.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/xorg-server-xephyr-1.18.3-x86_64-3_slack14.2.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/xorg-server-xnest-1.18.3-x86_64-3_slack14.2.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/xorg-server-xvfb-1.18.3-x86_64-3_slack14.2.txz

Updated packages for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/x/xorg-server-1.19.3-i586-2.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/x/xorg-server-xephyr-1.19.3-i586-2.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/x/xorg-server-xnest-1.19.3-i586-2.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/x/xorg-server-xvfb-1.19.3-i586-2.txz

Updated packages for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/x/xorg-server-1.19.3-x86_64-2.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/x/xorg-server-xephyr-1.19.3-x86_64-2.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/x/xorg-server-xnest-1.19.3-x86_64-2.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/x/xorg-server-xvfb-1.19.3-x86_64-2.txz


MD5 signatures:
+-------------+

Slackware 13.0 packages:
86275ce224cc6b605cd48e265f7b3431  xorg-server-1.6.3-i486-4_slack13.0.txz
09e08405768eaf3c7d9fa7483e3645ec  xorg-server-xephyr-1.6.3-i486-4_slack13.0.txz
000e88cd1d2a651a2469151b6f6792cd  xorg-server-xnest-1.6.3-i486-4_slack13.0.txz
ead15ed6cd55bd4b3d66dcf55902f156  xorg-server-xvfb-1.6.3-i486-4_slack13.0.txz

Slackware x86_64 13.0 packages:
aaba854c38f7059a9c5f4811fc87356b  xorg-server-1.6.3-x86_64-4_slack13.0.txz
09c25303eb9d9ca066fc2a26d617ed22  xorg-server-xephyr-1.6.3-x86_64-4_slack13.0.txz
37a856e4f5642946a1ecbeebf5f5df46  xorg-server-xnest-1.6.3-x86_64-4_slack13.0.txz
9368c95fa1271c2bac3ea25539d005f3  xorg-server-xvfb-1.6.3-x86_64-4_slack13.0.txz

Slackware 13.1 packages:
c892f89f02f7561fed97f7358cd4c956  xorg-server-1.7.7-i486-4_slack13.1.txz
f8dc5a4d3fd03ceb5f7453c1fc90b9bd  xorg-server-xephyr-1.7.7-i486-4_slack13.1.txz
029ab43b662196f6d051332343275ad4  xorg-server-xnest-1.7.7-i486-4_slack13.1.txz
c06a34fa65acff4801d9cc0de19a47a8  xorg-server-xvfb-1.7.7-i486-4_slack13.1.txz

Slackware x86_64 13.1 packages:
c6b1665a39ad87e0e092c3210d159b34  xorg-server-1.7.7-x86_64-4_slack13.1.txz
755050374c936ced68848097fbacaf44  xorg-server-xephyr-1.7.7-x86_64-4_slack13.1.txz
348eab0e16fdbf55730e5e052849e399  xorg-server-xnest-1.7.7-x86_64-4_slack13.1.txz
e478efdc4209d9cb056fce65cf9d7b27  xorg-server-xvfb-1.7.7-x86_64-4_slack13.1.txz

Slackware 13.37 packages:
7d74fae08b08419ecb8d103c45620321  xorg-server-1.9.5-i486-4_slack13.37.txz
76e400a6b2cc65d5f2366da70644c5fb  xorg-server-xephyr-1.9.5-i486-4_slack13.37.txz
80b0fe9ed222ad834a17b69e17ba91a9  xorg-server-xnest-1.9.5-i486-4_slack13.37.txz
bd65bda294e5d883a395afa51ab9b754  xorg-server-xvfb-1.9.5-i486-4_slack13.37.txz

Slackware x86_64 13.37 packages:
e331047bb1428f32cc38d2f1e28f71b4  xorg-server-1.9.5-x86_64-4_slack13.37.txz
961812b1733ed1ac152b6e6ab8c66499  xorg-server-xephyr-1.9.5-x86_64-4_slack13.37.txz
ab7433d9233f843c6bbccd4f00e3cdde  xorg-server-xnest-1.9.5-x86_64-4_slack13.37.txz
a754270b3a41beed70c8dfc6c69d3970  xorg-server-xvfb-1.9.5-x86_64-4_slack13.37.txz

Slackware 14.0 packages:
61be1d15444a5f7c44cc3eb85269ccd9  xorg-server-1.12.4-i486-3_slack14.0.txz
ab80d7a22de7606800cf6569d4695d5b  xorg-server-xephyr-1.12.4-i486-3_slack14.0.txz
58e97ad8e541731e7cd4ff21d8fa0522  xorg-server-xnest-1.12.4-i486-3_slack14.0.txz
a238fd09707afc39d8ce49386b359fc9  xorg-server-xvfb-1.12.4-i486-3_slack14.0.txz

Slackware x86_64 14.0 packages:
fa2ebac60bf90265a9b68259e563c329  xorg-server-1.12.4-x86_64-3_slack14.0.txz
b2d68e907981ba071cd218e7158a974b  xorg-server-xephyr-1.12.4-x86_64-3_slack14.0.txz
742974e60afd5c4342c993bc3694b18d  xorg-server-xnest-1.12.4-x86_64-3_slack14.0.txz
6b5ce7aa0445ada3ba1e92a9081c57e0  xorg-server-xvfb-1.12.4-x86_64-3_slack14.0.txz

Slackware 14.1 packages:
09ab341882ee152edd38a9cff87aa3e5  xorg-server-1.14.3-i486-4_slack14.1.txz
88331b2e020467180ac48f58d8760716  xorg-server-xephyr-1.14.3-i486-4_slack14.1.txz
05b3987f24334485feeec64ab0ea15ed  xorg-server-xnest-1.14.3-i486-4_slack14.1.txz
ed4af26a340db3b1ad3544905e7cccba  xorg-server-xvfb-1.14.3-i486-4_slack14.1.txz

Slackware x86_64 14.1 packages:
1d10548567dbd16d22db20910f8e97fa  xorg-server-1.14.3-x86_64-4_slack14.1.txz
6440fab1b258eddd3c6425fd5e7a3d9e  xorg-server-xephyr-1.14.3-x86_64-4_slack14.1.txz
5c336b83dca66baf0a1e3438da5a1955  xorg-server-xnest-1.14.3-x86_64-4_slack14.1.txz
1f5140f0ea717fb53785f83e0e43eb98  xorg-server-xvfb-1.14.3-x86_64-4_slack14.1.txz

Slackware 14.2 packages:
1bc5d7586c9531815d33ef714cc52e2b  xorg-server-1.18.3-i586-3_slack14.2.txz
47ca0a793625e08bd6dc55310561ab68  xorg-server-xephyr-1.18.3-i586-3_slack14.2.txz
4408fd987a6f20d24c82bdb0fa5e47c2  xorg-server-xnest-1.18.3-i586-3_slack14.2.txz
5f636be733db15fbd8242585fee74500  xorg-server-xvfb-1.18.3-i586-3_slack14.2.txz

Slackware x86_64 14.2 packages:
852a94da7873a3634b540c1436e63e9d  xorg-server-1.18.3-x86_64-3_slack14.2.txz
3eadfffee3a9749b26a74c4efe67d83e  xorg-server-xephyr-1.18.3-x86_64-3_slack14.2.txz
e9364a469b7ea00cbc9b6723201e8039  xorg-server-xnest-1.18.3-x86_64-3_slack14.2.txz
6c2d01bbf136cdef4549a2b856fd01ca  xorg-server-xvfb-1.18.3-x86_64-3_slack14.2.txz

Slackware -current packages:
190b901651bfc22666836632e390fe94  x/xorg-server-1.19.3-i586-2.txz
6c991c9a7b4c96557b1ef3965ad4a18a  x/xorg-server-xephyr-1.19.3-i586-2.txz
e398ad8306d65105c1c2206782ff5cb2  x/xorg-server-xnest-1.19.3-i586-2.txz
3726206c8e2f11086145dbb9b14b1f6c  x/xorg-server-xvfb-1.19.3-i586-2.txz

Slackware x86_64 -current packages:
08857b3f3fc3e4e9d936f8129bb431b8  x/xorg-server-1.19.3-x86_64-2.txz
c3121263fbff67c0012417a96700d6c5  x/xorg-server-xephyr-1.19.3-x86_64-2.txz
3775079d48f00753ebb01f1bfa8b1a62  x/xorg-server-xnest-1.19.3-x86_64-2.txz
c3f783bce65bd1cfa1859e7d3b105d53  x/xorg-server-xvfb-1.19.3-x86_64-2.txz


Installation instructions:
+------------------------+

Upgrade the packages as root:
# upgradepkg xorg-server-*.txz


+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com

+------------------------------------------------------------------------+
| To leave the slackware-security mailing list:                          |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message:                                                     |
|                                                                        |
|   unsubscribe slackware-security                                       |
|                                                                        |
| You will get a confirmation message back containing instructions to    |
| complete the process.  Please do not reply to this email address.      |
+------------------------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----

iEYEARECAAYFAlmTczQACgkQakRjwEAQIjMI2wCffnhvOHvISi/Fi0/Ws1pjF2nK
+qYAnAy+gt3C7E1lWlBdlPItzmEhQbqe
=aiGo
-----END PGP SIGNATURE-----

Slackware® is a registered trademark of Slackware Linux, Inc. All logos and graphics are copyrighted.