Overview Details

File _patchinfo of Package patchinfo

<patchinfo incident="150">
  <packager>jluce2</packager>
  <issue tracker="bnc" id="823410">Xvfb missing randr support</issue>
  <issue tracker="bnc" id="815583">VUL-0: xorg-x11-server: X-server DoS</issue>
  <category>security</category>
  <rating>moderate</rating>
  <summary>update for xorg-x11-server</summary>
  <description>This xorg-x11-server update fixes a DoS vulnerability and
   adds randr support.
   - U_os-Reset-input-buffer-s-ignoreBytes-field.patch
   * If a client sends a request larger than
   maxBigRequestSize, the server is supposed to ignore it.
   Before commit cf88363d, the server would simply
   disconnect the client. After that commit, it attempts
   to gracefully ignore the request by remembering how
   long the client specified the request to be, and
   ignoring that many bytes. However, if a client sends a
   BigReq header with a large size and disconnects before
   actually sending the rest of the specified request, the
   server will reuse the ConnectionInput buffer without
   resetting the ignoreBytes field. This makes the server
   ignore new X clients' requests. This fixes that
   behavior by resetting the ignoreBytes field when
   putting the ConnectionInput buffer back on the
   FreeInputs list. (bnc#815583)

   - u_xserver_xvfb-randr.patch
   * Add randr support to Xvfb (bnc#823410)</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places