VDB
SUSE-SU-2017%3A1850-1
SUSE-SU-2017%3A1850-1
PUBLISHED
CVSS 8.800000190734863 HIGH
This update for xorg-x11-server fixes the following issues: - CVE-2017-10971: Fix endianess handling of GenericEvent to prevent a stack overflow by clients. (bnc#1035283) - Make sure the type of all events to be sent by ProcXSendExtensionEvent are in the allowed range. - CVE-2017-10972: Initialize the xEvent eventT with zeros to avoid information leakage.
Risk Scores
CVSS 3.1
8.800000190734863
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| xorg |
Timeline
- Jul 12, 2017 CVE Published
- Feb 4, 2026 CVE Updated
References
- https://www.suse.com/support/security/rating/ url
- https://ftp.suse.com/pub/projects/security/csaf/suse-su-2017_1850-1.json advisory
- https://www.suse.com/support/update/announcement/2017/suse-su-20171850-1/ advisory
- https://lists.suse.com/pipermail/sle-security-updates/2017-July/003027.html advisory
- https://bugzilla.suse.com/1035283 advisory
- https://www.suse.com/security/cve/CVE-2017-10971/ advisory
- https://www.suse.com/security/cve/CVE-2017-10972/ advisory