Security update for xorg-x11-server
SUSE Security Update: Security update for xorg-x11-server
| Announcement ID: | SUSE-SU-2017:1741-1 |
| Rating: | moderate |
| References: | #1019649 #1025029 #1025035 #1025084 #981044 |
| Affected Products: |
An update that solves one vulnerability and has four fixes is now available.
Description:
This update for xorg-x11-server fixes the following issues:
Security issues:
- CVE-2017-2624: Prevent timing attack against MIT cookie. (bsc#1025029,
CVE-2017-2624)
Non security issues:
- Use arc4random to generate cookies. (bsc#1025084)
- XDrawArc performance improvement (bsc#1019649)
- Fix byte swapping for gradeint stops (bsc#981044).
- Remove unused function with use-after-free issue. (bsc#1025035)
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Software Development Kit 11-SP4:
zypper in -t patch sdksp4-xorg-x11-server-13186=1 - SUSE Linux Enterprise Server 11-SP4:
zypper in -t patch slessp4-xorg-x11-server-13186=1 - SUSE Linux Enterprise Debuginfo 11-SP4:
zypper in -t patch dbgsp4-xorg-x11-server-13186=1
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):
- xorg-x11-server-sdk-7.4-27.118.1
- SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):
- xorg-x11-Xvnc-7.4-27.118.1
- xorg-x11-server-7.4-27.118.1
- xorg-x11-server-extra-7.4-27.118.1
- SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):
- xorg-x11-server-debuginfo-7.4-27.118.1
- xorg-x11-server-debugsource-7.4-27.118.1