Vulnerability   
Search   
    Search 211766 CVE descriptions
and 97459 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.1.4.2017.3025.1
Category:SuSE Local Security Checks
Title:SUSE: Security Advisory (SUSE-SU-2017:3025-1)
Summary:The remote host is missing an update for the 'xorg-x11-server' package(s) announced via the SUSE-SU-2017:3025-1 advisory.
Description:Summary:
The remote host is missing an update for the 'xorg-x11-server' package(s) announced via the SUSE-SU-2017:3025-1 advisory.

Vulnerability Insight:
This update for xorg-x11-server provides several fixes.
These security issues were fixed:
- CVE-2017-13723: Prevent local DoS via unusual characters in XkbAtomText
and XkbStringText (bsc#1051150).
- Improve the entropy when generating random data used in X.org server
authorization cookies generation by using getentropy() and getrandom()
when available (bsc#1025084)
- CVE-2017-12184,CVE-2017-12185,CVE-2017-12186,CVE-2017-12187: Fixed
unvalidated lengths in multiple extensions (bsc#1063034)
- CVE-2017-12183: Fixed some unvalidated lengths in the XFIXES extension.
(bsc#1063035)
- CVE-2017-12180,CVE-2017-12181,CVE-2017-12182: Fixed various unvalidated
lengths in the XFree86-VidMode/XFree86-DGA/XFree86-DRI extensions
(bsc#1063037)
- CVE-2017-12179: Fixed an integer overflow and unvalidated length in
(S)ProcXIBarrierReleasePointer in Xi (bsc#1063038)
- CVE-2017-12178: Fixed a wrong extra length check in
ProcXIChangeHierarchy in Xi (bsc#1063039)
- CVE-2017-12177: Fixed an unvalidated variable-length request in
ProcDbeGetVisualInfo (bsc#1063040)
- CVE-2017-12176: Fixed an unvalidated extra length in
ProcEstablishConnection (bsc#1063041)

Affected Software/OS:
'xorg-x11-server' package(s) on SUSE Linux Enterprise Software Development Kit 11-SP4, SUSE Linux Enterprise Server 11-SP4, SUSE Linux Enterprise Debuginfo 11-SP4

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2017-12176
Common Vulnerability Exposure (CVE) ID: CVE-2017-12177
Common Vulnerability Exposure (CVE) ID: CVE-2017-12178
Common Vulnerability Exposure (CVE) ID: CVE-2017-12179
Common Vulnerability Exposure (CVE) ID: CVE-2017-12180
Common Vulnerability Exposure (CVE) ID: CVE-2017-12181
Common Vulnerability Exposure (CVE) ID: CVE-2017-12182
Common Vulnerability Exposure (CVE) ID: CVE-2017-12183
Common Vulnerability Exposure (CVE) ID: CVE-2017-12184
Common Vulnerability Exposure (CVE) ID: CVE-2017-12185
Common Vulnerability Exposure (CVE) ID: CVE-2017-12186
Common Vulnerability Exposure (CVE) ID: CVE-2017-12187
Common Vulnerability Exposure (CVE) ID: CVE-2017-13723
CopyrightCopyright (C) 2021 Greenbone Networks GmbH

This is only one of 97459 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.