Bug 1063038 (CVE-2017-12179)

Summary: VUL-0: CVE-2017-12179: xorg-x11-server: Xi: integer overflow and unvalidated length in (S)ProcXIBarrierReleasePointer
Product: [Novell Products] SUSE Security Incidents
Reporter: Johannes Segitz <jsegitz>
Component: Incidents
Assignee: Security Team bot <security-team>
Status: RESOLVED FIXED
QA Contact: Security Team bot <security-team>
Severity: Normal
Priority: P3 - Medium
CC: sndirsch
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
Whiteboard: CVSSv2:SUSE:CVE-2017-12179:4.6:(AV:N/AC:H/Au:S/C:P/I:P/A:P) CVSSv3:SUSE:CVE-2017-12179:5.0:(AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L) maint:released:sle10-sp3:63887 CVSSv3:RedHat:CVE-2017-12179:5.3:(AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L) CVSSv2:NVD:CVE-2017-12179:7.5:(AV:N/AC:L/Au:N/C:P/I:P/A:P) CVSSv3:RedHat:CVE-2017-12179:7.5:(AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
Attachments: Upstream patch

Description Johannes Segitz 2017-10-12 14:26:10 UTC
Created attachment 744112
Upstream patch

CVE-2017-12179: Xi: integer overflow and unvalidated length in (S)ProcXIBarrierReleasePointer

Details are in https://cgit.freedesktop.org/xorg/xserver/
Comment 1 Bernhard Wiedemann 2017-10-16 12:01:45 UTC
This is an autogenerated message for OBS integration:
This bug (1063038) was mentioned in
https://build.opensuse.org/request/show/534191 42.2+42.3 / xorg-x11-server
Comment 3 Stefan Dirsch 2017-10-16 15:24:44 UTC
sle10-sp4: SR#143999
TW is considered done by the update to xorg-server 1.19.5
Comment 4 Stefan Dirsch 2017-10-16 15:28:08 UTC
Security update done. Reassigning to security team for tracking.
Comment 7 Swamp Workflow Management 2017-10-18 14:51:02 UTC
An update workflow for this issue was started.
This issue was rated as moderate.
Please submit fixed packages by 2017-11-01.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/63886
Comment 9 Swamp Workflow Management 2017-10-20 22:16:58 UTC
openSUSE-SU-2017:2823-1: An update that fixes 12 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1063034,1063035,1063037,1063038,1063039,1063040,1063041
CVE References: CVE-2017-12176,CVE-2017-12177,CVE-2017-12178,CVE-2017-12179,CVE-2017-12180,CVE-2017-12181,CVE-2017-12182,CVE-2017-12183,CVE-2017-12184,CVE-2017-12185,CVE-2017-12186,CVE-2017-12187
Sources used:
openSUSE Leap 42.3 (src):    xorg-x11-server-7.6_1.18.3-28.1
openSUSE Leap 42.2 (src):    xorg-x11-server-7.6_1.18.3-12.26.1
Comment 10 Swamp Workflow Management 2017-11-16 17:10:11 UTC
SUSE-SU-2017:3025-1: An update that fixes 13 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1025084,1051150,1063034,1063035,1063037,1063038,1063039,1063040,1063041
CVE References: CVE-2017-12176,CVE-2017-12177,CVE-2017-12178,CVE-2017-12179,CVE-2017-12180,CVE-2017-12181,CVE-2017-12182,CVE-2017-12183,CVE-2017-12184,CVE-2017-12185,CVE-2017-12186,CVE-2017-12187,CVE-2017-13723
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    xorg-x11-server-7.4-27.122.16.1
SUSE Linux Enterprise Server 11-SP4 (src):    xorg-x11-server-7.4-27.122.16.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    xorg-x11-server-7.4-27.122.16.1
Comment 11 Swamp Workflow Management 2017-11-22 20:10:58 UTC
SUSE-SU-2017:3047-1: An update that fixes 14 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1022727,1051150,1052984,1061107,1063034,1063035,1063037,1063038,1063039,1063040,1063041
CVE References: CVE-2017-12176,CVE-2017-12177,CVE-2017-12178,CVE-2017-12179,CVE-2017-12180,CVE-2017-12181,CVE-2017-12182,CVE-2017-12183,CVE-2017-12184,CVE-2017-12185,CVE-2017-12186,CVE-2017-12187,CVE-2017-13721,CVE-2017-13723
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP3 (src):    xorg-x11-server-7.6_1.18.3-76.15.2
SUSE Linux Enterprise Software Development Kit 12-SP2 (src):    xorg-x11-server-7.6_1.18.3-76.15.2
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src):    xorg-x11-server-7.6_1.18.3-76.15.2
SUSE Linux Enterprise Server 12-SP3 (src):    xorg-x11-server-7.6_1.18.3-76.15.2
SUSE Linux Enterprise Server 12-SP2 (src):    xorg-x11-server-7.6_1.18.3-76.15.2
SUSE Linux Enterprise Desktop 12-SP3 (src):    xorg-x11-server-7.6_1.18.3-76.15.2
SUSE Linux Enterprise Desktop 12-SP2 (src):    xorg-x11-server-7.6_1.18.3-76.15.2
Comment 12 Marcus Meissner 2017-12-27 20:14:15 UTC
released