Bug 1063039 - (CVE-2017-12178) VUL-0: CVE-2017-12178: xorg-x11-server: Xi: fix wrong extra length check in ProcXIChangeHierarchy
(CVE-2017-12178)
VUL-0: CVE-2017-12178: xorg-x11-server: Xi: fix wrong extra length check in P...
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Normal
: ---
Assigned To: Security Team bot
Security Team bot
CVSSv2:SUSE:CVE-2017-12178:4.6:(AV:N/...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2017-10-12 14:27 UTC by Johannes Segitz
Modified: 2018-05-25 22:43 UTC (History)
1 user (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments
Upstream patches (1.04 KB, patch)
2017-10-12 14:27 UTC, Johannes Segitz
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Johannes Segitz 2017-10-12 14:27:11 UTC
Created attachment 744113 [details]
Upstream patches

CVE-2017-12178: Xi: fix wrong extra length check in ProcXIChangeHierarchy

Details are in https://cgit.freedesktop.org/xorg/xserver/
Comment 1 Bernhard Wiedemann 2017-10-16 12:02:04 UTC
This is an autogenerated message for OBS integration:
This bug (1063039) was mentioned in
https://build.opensuse.org/request/show/534191 42.2+42.3 / xorg-x11-server
Comment 3 Stefan Dirsch 2017-10-16 15:24:52 UTC
sle10-sp4: SR#143999
TW is considered done by the update to xorg-server 1.19.5
Comment 4 Stefan Dirsch 2017-10-16 15:28:16 UTC
Security update done. Reassigning to security team for tracking.
Comment 7 Swamp Workflow Management 2017-10-18 14:51:21 UTC
An update workflow for this issue was started.
This issue was rated as moderate.
Please submit fixed packages until 2017-11-01.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/63886
Comment 9 Swamp Workflow Management 2017-10-20 22:17:04 UTC
openSUSE-SU-2017:2823-1: An update that fixes 12 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1063034,1063035,1063037,1063038,1063039,1063040,1063041
CVE References: CVE-2017-12176,CVE-2017-12177,CVE-2017-12178,CVE-2017-12179,CVE-2017-12180,CVE-2017-12181,CVE-2017-12182,CVE-2017-12183,CVE-2017-12184,CVE-2017-12185,CVE-2017-12186,CVE-2017-12187
Sources used:
openSUSE Leap 42.3 (src):    xorg-x11-server-7.6_1.18.3-28.1
openSUSE Leap 42.2 (src):    xorg-x11-server-7.6_1.18.3-12.26.1
Comment 10 Swamp Workflow Management 2017-11-16 17:10:19 UTC
SUSE-SU-2017:3025-1: An update that fixes 13 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1025084,1051150,1063034,1063035,1063037,1063038,1063039,1063040,1063041
CVE References: CVE-2017-12176,CVE-2017-12177,CVE-2017-12178,CVE-2017-12179,CVE-2017-12180,CVE-2017-12181,CVE-2017-12182,CVE-2017-12183,CVE-2017-12184,CVE-2017-12185,CVE-2017-12186,CVE-2017-12187,CVE-2017-13723
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    xorg-x11-server-7.4-27.122.16.1
SUSE Linux Enterprise Server 11-SP4 (src):    xorg-x11-server-7.4-27.122.16.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    xorg-x11-server-7.4-27.122.16.1
Comment 11 Swamp Workflow Management 2017-11-22 20:11:04 UTC
SUSE-SU-2017:3047-1: An update that fixes 14 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1022727,1051150,1052984,1061107,1063034,1063035,1063037,1063038,1063039,1063040,1063041
CVE References: CVE-2017-12176,CVE-2017-12177,CVE-2017-12178,CVE-2017-12179,CVE-2017-12180,CVE-2017-12181,CVE-2017-12182,CVE-2017-12183,CVE-2017-12184,CVE-2017-12185,CVE-2017-12186,CVE-2017-12187,CVE-2017-13721,CVE-2017-13723
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP3 (src):    xorg-x11-server-7.6_1.18.3-76.15.2
SUSE Linux Enterprise Software Development Kit 12-SP2 (src):    xorg-x11-server-7.6_1.18.3-76.15.2
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src):    xorg-x11-server-7.6_1.18.3-76.15.2
SUSE Linux Enterprise Server 12-SP3 (src):    xorg-x11-server-7.6_1.18.3-76.15.2
SUSE Linux Enterprise Server 12-SP2 (src):    xorg-x11-server-7.6_1.18.3-76.15.2
SUSE Linux Enterprise Desktop 12-SP3 (src):    xorg-x11-server-7.6_1.18.3-76.15.2
SUSE Linux Enterprise Desktop 12-SP2 (src):    xorg-x11-server-7.6_1.18.3-76.15.2
Comment 12 Marcus Meissner 2017-12-27 20:14:04 UTC
released