{"id":"MGASA-2017-0366","summary":"Updated x11-server packages fix security vulnerabilities","details":"In Xext/shm, the shmseg resource id can belong to a non-existing client\nand abort X server with FatalError \"client not in use\", or overwrite\nexisting segment of another existing client (CVE-2017-13721).\n\nGenerating strings for XKB data used a single shared static buffer,\nwhich offered several opportunities for errors when strings end up\nlonger than anticipated (CVE-2017-13723).\n","modified":"2026-04-16T01:47:01.496038885Z","published":"2017-10-09T09:51:10Z","upstream":["CVE-2017-13721","CVE-2017-13723"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2017-0366.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=21820"},{"type":"WEB","url":"http://openwall.com/lists/oss-security/2017/10/04/10"}],"affected":[{"package":{"name":"x11-server","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/x11-server?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.16.4-2.3.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2017-0366.json"}},{"package":{"name":"x11-server","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/x11-server?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.19.4-1.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2017-0366.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}