File _patchinfo of Package patchinfo.5551
<patchinfo incident="5551"> <issue id="1022727" tracker="bnc">yast2 problem: Window does not open if started remotely via ssh when DRI3 is enabled</issue> <issue id="1061107" tracker="bnc">Need X.Org fix applied to SLES and SLED 12 SP2 and SP3 for Citrix product release</issue> <issue id="1063034" tracker="bnc">VUL-0: CVE-2017-12184,CVE-2017-12185,CVE-2017-12186,CVE-2017-12187: xorg-x11-server: Unvalidated lengths in multiple extensions</issue> <issue id="1063035" tracker="bnc">VUL-0: CVE-2017-12183: xorg-x11-server: Unvalidated lengths in XFIXES extension</issue> <issue id="1063037" tracker="bnc">VUL-0: CVE-2017-12180,CVE-2017-12181,CVE-2017-12182: xorg-x11-server: Unvalidated lengths in XFree86-VidMode/XFree86-DGA/XFree86-DRI extension</issue> <issue id="1063038" tracker="bnc">VUL-0: CVE-2017-12179: xorg-x11-server: Xi: integer overflow and unvalidated length in (S)ProcXIBarrierReleasePointer</issue> <issue id="1063039" tracker="bnc">VUL-0: CVE-2017-12178: xorg-x11-server: Xi: fix wrong extra length check in ProcXIChangeHierarchy</issue> <issue id="1063040" tracker="bnc">VUL-0: CVE-2017-12177: xorg-x11-server: dbe: Unvalidated variable-length request in ProcDbeGetVisualInfo</issue> <issue id="1063041" tracker="bnc">VUL-0: CVE-2017-12176: xorg-x11-server: Unvalidated extra length in ProcEstablishConnection</issue> <issue id="1051150" tracker="bnc">VUL-0: CVE-2017-13723: xorg-x11-server, xorg-x11: Local DoS via unusual characters in XkbAtomText and XkbStringText</issue> <issue id="1052984" tracker="bnc">VUL-0: CVE-2017-13721: xorg-x11-server: Xext/shm: Validate shmseg resource id.</issue> <issue id="2017-12176" tracker="cve" /> <issue id="2017-12177" tracker="cve" /> <issue id="2017-12178" tracker="cve" /> <issue id="2017-12179" tracker="cve" /> <issue id="2017-12180" tracker="cve" /> <issue id="2017-12181" tracker="cve" /> <issue id="2017-12182" tracker="cve" /> <issue id="2017-12183" tracker="cve" /> <issue id="2017-12184" tracker="cve" /> <issue id="2017-12185" tracker="cve" /> <issue id="2017-12186" tracker="cve" /> <issue id="2017-12187" tracker="cve" /> <issue id="2017-13721" tracker="cve" /> <issue id="2017-13723" tracker="cve" /> <category>security</category> <rating>moderate</rating> <packager>michalsrb</packager> <description> This update for xorg-x11-server fixes several issues. These security issues were fixed: - CVE-2017-13721: Missing validation of shmseg resource id in Xext/XShm could lead to shared memory segments of other users beeing freed (bnc#1052984) - CVE-2017-13723: A local denial of service via unusual characters in XkbAtomText and XkbStringText was fixed (bnc#1051150) - CVE-2017-12184,CVE-2017-12185,CVE-2017-12186,CVE-2017-12187: Fixed unvalidated lengths in multiple extensions (bsc#1063034) - CVE-2017-12183: Fixed some unvalidated lengths in the XFIXES extension. (bsc#1063035) - CVE-2017-12180,CVE-2017-12181,CVE-2017-12182: Fixed various unvalidated lengths in the XFree86-VidMode/XFree86-DGA/XFree86-DRI extensions (bsc#1063037) - CVE-2017-12179: Fixed an integer overflow and unvalidated length in (S)ProcXIBarrierReleasePointer in Xi (bsc#1063038) - CVE-2017-12178: Fixed a wrong extra length check in ProcXIChangeHierarchy in Xi (bsc#1063039) - CVE-2017-12177: Fixed an unvalidated variable-length request in ProcDbeGetVisualInfo (bsc#1063040) - CVE-2017-12176: Fixed an unvalidated extra length in ProcEstablishConnection (bsc#1063041) These non-security issues were fixed: - Make colormap/gamma glue code work with the RandR extension disabled. This prevents it from crashing and showing wrong colors. (bsc#1061107) - Recognize ssh as a remote client to fix launching applications remotely when using DRI3. (bsc#1022727) </description> <summary>Security update for xorg-x11-server</summary> </patchinfo>
