ArchLinux: 201710-10: xorg-server: multiple issues
Summary
- CVE-2017-13721 (denial of service)
A denial of service vulnerability was found in xorg-server in the
ProcShmCreateSegment function due to a missing shmseg resource ids
validation. A passed shmseg resource id may belong to a non-existing
client and abort X server with FatalError "client not in use", or
overwrite existing segment of another existing client.
- CVE-2017-13723 (arbitrary code execution)
A stack buffer overflow was found in xkbtext.c, which didn't handle xkb
formatted string output safely due to a single shared static buffer.
The fix introduces a ring of resizable buffers to avoid problems when
strings end up longer than anticipated.
This vulnerability may potentially lead to privilege escalation when
the xorg-server is running with root privileges.
Resolution
Upgrade to 1.19.4-1.
# pacman -Syu "xorg-server>=1.19.4-1"
The problems have been fixed upstream in version 1.19.4.
References
https://lists.x.org/archives/xorg-announce/2017-October/002808.html https://cgit.freedesktop.org/xorg/xserver/commit/?id=b95f25af141d33a65f6f821ea9c003f66a01e1f1 https://cgit.freedesktop.org/xorg/xserver/commit/?id=94f11ca5cf011ef123bd222cabeaef6f424d76ac https://security.archlinux.org/CVE-2017-13721 https://security.archlinux.org/CVE-2017-13723
Workaround
None.