Main Vulnerability Database SB2017100615

SB2017100615 - Slackware Linux update for xorg-server

Published: October 6, 2017 Updated: October 6, 2017

Security Bulletin ID SB2017100615

Severity

Low

Patch available

YES

Number of vulnerabilities 2

Exploitation vector Local access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) Improper Privilege Management (CVE-ID: CVE-2017-13721)

The vulnerability allows a local authenticated user to perform a denial of service (DoS) attack.

In X.Org Server (aka xserver and xorg-server) before 1.19.4, an attacker authenticated to an X server with the X shared memory extension enabled can cause aborts of the X server or replace shared memory segments of other X clients in the same session.

2) Buffer overflow (CVE-ID: CVE-2017-13723)

The vulnerability allows a local authenticated user to execute arbitrary code.

In X.Org Server (aka xserver and xorg-server) before 1.19.4, a local attacker authenticated to the X server could overflow a global buffer, causing crashes of the X server or potentially other problems by injecting large or malformed XKB related atoms and accessing them via xkbcomp.

Remediation

Install update from vendor's website.

References

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2017&m=slackware-security.872751