{"id":"MGASA-2017-0269","summary":"Updated x11-server packages fix security vulnerabilities","details":"Eric Sesterhenn discovered that the X.Org X server incorrectly compared\nMIT cookies. An attacker could possibly use this issue to perform a\ntiming attack and recover the MIT cookie (CVE-2017-2624).\n\nIt was discovered that the X.Org X server incorrectly handled endianness\nconversion of certain X events. An attacker able to connect to an X\nserver, either locally or remotely, could use this issue to crash the\nserver, or possibly execute arbitrary code as an administrator\n(CVE-2017-10971).\n\nIt was discovered that the X.Org X server incorrectly handled endianness\nconversion of certain X events. An attacker able to connect to an X\nserver, either locally or remotely, could use this issue to possibly\nobtain sensitive information (CVE-2017-10972).\n\nUse-after-free issue in an unused function in XDM (boo#1025035).\n","modified":"2026-01-31T23:19:35.665624Z","published":"2017-08-15T09:57:10Z","related":["CVE-2017-10971","CVE-2017-10972","CVE-2017-2624"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2017-0269.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=21191"},{"type":"REPORT","url":"https://lists.opensuse.org/opensuse-updates/2017-06/msg00070.html"},{"type":"REPORT","url":"https://usn.ubuntu.com/usn/usn-3362-1/"},{"type":"REPORT","url":"https://www.x41-dsec.de/lab/advisories/x41-2017-001-xorg/"}],"affected":[{"package":{"name":"x11-server","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/x11-server?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.16.4-2.2.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2017-0269.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}