Security update for xorg-x11-server
This update for xorg-x11-server fixes the following issues:
- CVE-2017-10971: Fix endianess handling of GenericEvent to prevent a stack overflow by clients. (bnc#1035283)
- Make sure the type of all events to be sent by ProcXSendExtensionEvent are in the
allowed range.
- CVE-2017-10972: Initialize the xEvent eventT with zeros to avoid information leakage.
- Improve retrieval of entropy for generating random authentication cookies (boo#1025084)
-
Submitted by
Stefan Dirsch (sndirsch)
- Relogin is suggested
Fixed bugs
bnc#1025084
VUL-0: xorg-x11-server: Weak Entropy Usage in xorg server in GenerateRandomData()
bnc#1035283
VUL-0: CVE-2017-10971 CVE-2017-10972: xorg-x11-server: various overflows in event processor
