Bug 1051150 - (CVE-2017-13723) VUL-0: CVE-2017-13723: xorg-x11-server, xorg-x11: Local DoS via unusual characters in XkbAtomText and XkbStringText
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P3 - Medium, Severity: Normal
Assigned To: Security Team bot
https://smash.suse.de/issue/189255/
CVSSv3:RedHat:CVE-2017-13723:4.7:(AV:...
Reported: 2017-07-28 09:14 UTC by Johannes Segitz
Modified: 2018-05-25 22:44 UTC (History)
Comment 4 Marcus Meissner 2017-08-28 10:03:40 UTC
QA REPRODUCER:

gcc main.c -lX11 -o main -lxcb

valgrind Xvfb :1 &

DISPLAY=:1 ./main

should not cause valgrind invalid reads
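
A scripted form of the QA check in comment 4, added here as an example; it is not part of the original comment or of the SUSE QA tooling. It assumes ./main is the reproducer built as in that comment (its source is not on this page), that display :1 is unused, and that valgrind and Xvfb are installed; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: scripted form of the QA check from comment 4.
# Assumptions: ./main is the reproducer built as in that comment, display :1
# is unused, valgrind and Xvfb are installed.

# Print the number of "Invalid read" reports in a valgrind log.
count_invalid_reads() {
    [ -r "$1" ] || { echo "no valgrind log: $1" >&2; return 2; }
    grep -c 'Invalid read of size' "$1" || true
}

# Verdict for one run. $1 is the valgrind log, $2 is "alive" or "dead".
# A dead server also fails the check, since the bug is a DoS of the X server.
qa_verdict() {
    reads=$(count_invalid_reads "$1") || return 2
    if [ "$reads" -gt 0 ] || [ "$2" != alive ]; then
        echo "FAIL: $reads invalid read(s), server $2"
        return 1
    fi
    echo "PASS: no invalid reads, server alive"
}

# Start Xvfb under valgrind, run the reproducer, then judge the result.
run_qa_check() {
    log=$(mktemp) || return 2
    valgrind --log-file="$log" Xvfb :1 &
    pid=$!
    # Xvfb starts slowly under valgrind: wait for its socket (up to 60 s).
    tries=0
    while [ ! -S /tmp/.X11-unix/X1 ] && [ "$tries" -lt 60 ]; do
        sleep 1
        tries=$((tries + 1))
    done
    DISPLAY=:1 ./main
    sleep 1
    state=dead
    if kill -0 "$pid" 2>/dev/null; then state=alive; fi
    kill "$pid" 2>/dev/null || true
    wait "$pid" 2>/dev/null || true
    rc=0
    qa_verdict "$log" "$state" || rc=$?
    rm -f "$log"
    return "$rc"
}

# Run the live check only on request: RUN_QA=1 sh qa_check.sh
if [ "${RUN_QA:-0}" = 1 ]; then run_qa_check; fi
```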
Comment 6 Marcus Meissner 2017-08-29 09:22:30 UTC
Mitre has assigned CVE-2017-13723.
Comment 8 Michal Srb 2017-09-04 15:11:07 UTC
Submitted, reassigning to security team.
Comment 13 Marcus Meissner 2017-10-11 12:07:08 UTC
is public

    MLIST:[oss-security] 20171004 Fwd: X server fixes for CVE-2017-13721 & CVE-2017-13723
    URL:http://www.openwall.com/lists/oss-security/2017/10/04/10
    MLIST:[xorg-announce] 20171004 [ANNOUNCE] xorg-server 1.19.4
    URL:https://lists.x.org/archives/xorg-announce/2017-October/002808.html
    CONFIRM:https://cgit.freedesktop.org/xorg/xserver/commit/?id=94f11ca5cf011ef123bd222cabeaef6f424d76ac
Comment 15 Swamp Workflow Management 2017-11-16 17:09:38 UTC
SUSE-SU-2017:3025-1: An update that fixes 13 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1025084,1051150,1063034,1063035,1063037,1063038,1063039,1063040,1063041
CVE References: CVE-2017-12176,CVE-2017-12177,CVE-2017-12178,CVE-2017-12179,CVE-2017-12180,CVE-2017-12181,CVE-2017-12182,CVE-2017-12183,CVE-2017-12184,CVE-2017-12185,CVE-2017-12186,CVE-2017-12187,CVE-2017-13723
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    xorg-x11-server-7.4-27.122.16.1
SUSE Linux Enterprise Server 11-SP4 (src):    xorg-x11-server-7.4-27.122.16.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    xorg-x11-server-7.4-27.122.16.1
Comment 16 Swamp Workflow Management 2017-11-22 20:10:11 UTC
SUSE-SU-2017:3047-1: An update that fixes 14 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1022727,1051150,1052984,1061107,1063034,1063035,1063037,1063038,1063039,1063040,1063041
CVE References: CVE-2017-12176,CVE-2017-12177,CVE-2017-12178,CVE-2017-12179,CVE-2017-12180,CVE-2017-12181,CVE-2017-12182,CVE-2017-12183,CVE-2017-12184,CVE-2017-12185,CVE-2017-12186,CVE-2017-12187,CVE-2017-13721,CVE-2017-13723
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP3 (src):    xorg-x11-server-7.6_1.18.3-76.15.2
SUSE Linux Enterprise Software Development Kit 12-SP2 (src):    xorg-x11-server-7.6_1.18.3-76.15.2
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src):    xorg-x11-server-7.6_1.18.3-76.15.2
SUSE Linux Enterprise Server 12-SP3 (src):    xorg-x11-server-7.6_1.18.3-76.15.2
SUSE Linux Enterprise Server 12-SP2 (src):    xorg-x11-server-7.6_1.18.3-76.15.2
SUSE Linux Enterprise Desktop 12-SP3 (src):    xorg-x11-server-7.6_1.18.3-76.15.2
SUSE Linux Enterprise Desktop 12-SP2 (src):    xorg-x11-server-7.6_1.18.3-76.15.2
Comment 17 Marcus Meissner 2017-12-27 20:21:49 UTC
released