Overview

File _patchinfo of Package patchinfo.4681

<patchinfo incident="4681">
  <issue id="1025035" tracker="bnc">xorg-x11-server: Potential Use after Free in Xorg Server in XdmToID()</issue>
  <issue id="1025084" tracker="bnc">xorg-x11-server: Weak Entropy Usage in xorg server in GenerateRandomData()</issue>
  <issue id="1025029" tracker="bnc">CVE-2017-2624: xorg-x11-server: Timing attack against MIT Cookie</issue>
  <issue id="1021803" tracker="bnc">glamor (modeset/Xephyr) Wrong lineends in XDrawLine()</issue>
  <issue id="1025985" tracker="bnc">X-server reliably crashing from userspace</issue>
  <issue id="1039042" tracker="bnc">Reenable iGLX support in Xserver (regression)</issue>
  <issue id="1019649" tracker="bnc">Bad performance of XDrawArc with big line numbers</issue>
  <issue id="1032509" tracker="bnc">Indirect GLX no longer the default - hard to configure on some display managers</issue>
  <issue id="2017-2624" tracker="cve"/>
  <category>security</category>
  <rating>moderate</rating>
  <packager>michalsrb</packager>
  <description>
This update for xorg-x11-server provides the following fixes:

- Remove unused function with use-after-free issue. (bsc#1025035)
- Use arc4random to generate cookies. (bsc#1025084)
- Prevent timing attack against MIT cookie. (bsc#1025029, CVE-2017-2624)
- XDrawArc performance improvement. (bsc#1019649)
- Re-enable indirect GLX by default. (bsc#1039042)
- Add IndirectGLX ServerFlags option which allows users to enable or disable indirect GLX. (bsc#1032509)
- Fix dashing in GLAMOR. (bsc#1021803)
- Fix X server crash on drawing dashed lines. (bsc#1025985)
</description>
  <summary>Security update for xorg-x11-server</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places