{"affected":[{"ecosystem_specific":{"binaries":[{"xorg-x11-server-sdk":"7.4-27.122.16.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Software Development Kit 11 SP4","name":"xorg-x11-server","purl":"pkg:rpm/suse/xorg-x11-server&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"7.4-27.122.16.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"xorg-x11-Xvnc":"7.4-27.122.16.1","xorg-x11-server":"7.4-27.122.16.1","xorg-x11-server-extra":"7.4-27.122.16.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 11 SP4","name":"xorg-x11-server","purl":"pkg:rpm/suse/xorg-x11-server&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"7.4-27.122.16.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"xorg-x11-Xvnc":"7.4-27.122.16.1","xorg-x11-server":"7.4-27.122.16.1","xorg-x11-server-extra":"7.4-27.122.16.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 11 SP4","name":"xorg-x11-server","purl":"pkg:rpm/suse/xorg-x11-server&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"7.4-27.122.16.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for xorg-x11-server provides several fixes.\n\nThese security issues were fixed:\n\n- CVE-2017-13723: Prevent local DoS via unusual characters in XkbAtomText and\n  XkbStringText (bsc#1051150).\n- Improve the entropy when generating random data used in X.org server authorization\n  cookies generation by using getentropy() and getrandom() when available (bsc#1025084)\n- CVE-2017-12184,CVE-2017-12185,CVE-2017-12186,CVE-2017-12187: Fixed\n  unvalidated lengths in multiple extensions (bsc#1063034)\n- CVE-2017-12183: Fixed some unvalidated lengths in the XFIXES\n  extension. (bsc#1063035)\n- CVE-2017-12180,CVE-2017-12181,CVE-2017-12182: Fixed various unvalidated\n  lengths in the XFree86-VidMode/XFree86-DGA/XFree86-DRI extensions\n  (bsc#1063037)\n- CVE-2017-12179: Fixed an integer overflow and unvalidated length in\n  (S)ProcXIBarrierReleasePointer in Xi (bsc#1063038)\n- CVE-2017-12178: Fixed a wrong extra length check in\n  ProcXIChangeHierarchy in Xi (bsc#1063039)\n- CVE-2017-12177: Fixed an unvalidated variable-length request in\n  ProcDbeGetVisualInfo (bsc#1063040)\n- CVE-2017-12176: Fixed an unvalidated extra length in\n  ProcEstablishConnection (bsc#1063041)\n\n\n","id":"SUSE-SU-2017:3025-1","modified":"2017-11-16T11:57:00Z","published":"2017-11-16T11:57:00Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2017/suse-su-20173025-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1025084"},{"type":"REPORT","url":"https://bugzilla.suse.com/1051150"},{"type":"REPORT","url":"https://bugzilla.suse.com/1063034"},{"type":"REPORT","url":"https://bugzilla.suse.com/1063035"},{"type":"REPORT","url":"https://bugzilla.suse.com/1063037"},{"type":"REPORT","url":"https://bugzilla.suse.com/1063038"},{"type":"REPORT","url":"https://bugzilla.suse.com/1063039"},{"type":"REPORT","url":"https://bugzilla.suse.com/1063040"},{"type":"REPORT","url":"https://bugzilla.suse.com/1063041"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-12176"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-12177"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-12178"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-12179"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-12180"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-12181"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-12182"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-12183"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-12184"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-12185"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-12186"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-12187"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-13723"}],"related":["CVE-2017-12176","CVE-2017-12177","CVE-2017-12178","CVE-2017-12179","CVE-2017-12180","CVE-2017-12181","CVE-2017-12182","CVE-2017-12183","CVE-2017-12184","CVE-2017-12185","CVE-2017-12186","CVE-2017-12187","CVE-2017-13723"],"summary":"Security update for xorg-x11-server","upstream":["CVE-2017-12176","CVE-2017-12177","CVE-2017-12178","CVE-2017-12179","CVE-2017-12180","CVE-2017-12181","CVE-2017-12182","CVE-2017-12183","CVE-2017-12184","CVE-2017-12185","CVE-2017-12186","CVE-2017-12187","CVE-2017-13723"]}