Bug 1035283 – VUL-0: CVE-2017-10971 CVE-2017-10972: xorg-x11-server: various overflows in event processor

Bug 1035283 - (CVE-2017-10971) VUL-0: CVE-2017-10971 CVE-2017-10972: xorg-x11-server: various overflows in event processor

(CVE-2017-10971)
Summary:	VUL-0: CVE-2017-10971 CVE-2017-10972: xorg-x11-server: various overflows in e...

Status:	RESOLVED FIXED

Classification:	Novell Products
Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents
Version:	unspecified
Hardware:	Other Other

Priority:	P2 - High Severity: Major
Target Milestone:	---
Assigned To:	Security Team bot
QA Contact:	Security Team bot

URL:
Whiteboard:	maint:released:oes11-sp2:63768 CVSSv3...
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Create test case

Clone This Bug

Reported:	2017-04-20 15:36 UTC by Marcus Meissner
Modified:	2018-06-21 21:45 UTC (History)
CC List:	3 users (show)

See Also:
Found By:	---
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Patches to fix the issues (2.61 KB, application/gzip) 2017-06-05 15:02 UTC, Michal Srb	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Comment 9 Michal Srb 2017-06-05 15:02:05 UTC

Created attachment 727708 [details]
Patches to fix the issues

The patches I sent to xorg-security@lists.x.org are in the attachment.

Projects are prepared with them backported in IBS:
home:michalsrb:branches:bnc1035283:SUSE:SLE-11-SP3:Update/xorg-x11-server
home:michalsrb:branches:bnc1035283:SUSE:SLE-12-SP1:Update/xorg-x11-server
home:michalsrb:branches:bnc1035283:SUSE:SLE-12-SP2:Update/xorg-x11-server
home:michalsrb:branches:bnc1035283:SUSE:SLE-12:Update/xorg-x11-server

The code didn't change in a while, so only backporting necessary were whitespace fixes.

Comment 13 Michal Srb 2017-06-12 11:43:04 UTC

Update from the security mailing list:

Peter Hutterer <peter.hutterer@who-t.net>:
> doh, sorry that one got swamped out. IMO we don't need a CVE here and 
> I'm happy to push this directly. I'll let this sit for a few days for 
> anyone to convince the list to do the CVE happy dance.

Comment 14 Michal Srb 2017-06-23 13:25:46 UTC

The patches have been (silently) pushed to X server's upstream. So we are free to release the update.

Comment 16 Marcus Meissner 2017-06-27 15:43:40 UTC

making bug public.

the x team has decided these are not security problems.

Comment 18 Michal Srb 2017-07-03 11:50:13 UTC

(In reply to Marcus Meissner from comment #16)
> making bug public.
> 
> the x team has decided these are not security problems.

Do we still consider it a security problem? So now when the submissions are done, should I close the bug or reassign to security team?

Comment 24 Marcus Meissner 2017-07-06 11:02:38 UTC

(In reply to Marcus Meissner from comment #23)
> I requested a CVE (stack overflow) for:
> 
> https://cgit.freedesktop.org/xorg/xserver/commit/
> ?id=ba336b24052122b136486961c82deac76bbde455
> https://cgit.freedesktop.org/xorg/xserver/commit/
> ?id=8caed4df36b1f802b4992edcfd282cbeeec35d9d
> https://cgit.freedesktop.org/xorg/xserver/commit/
> ?id=215f894965df5fb0bb45b107d84524e700d2073c

CVE-2017-10971.

> And one CVE (information leak) for:
> 
> https://cgit.freedesktop.org/xorg/xserver/commit/
> ?id=05442de962d3dc624f79fc1a00eca3ffc5489ced

CVE-2017-10972.

Comment 25 Marcus Meissner 2017-07-06 12:17:07 UTC

so yes .. handling as security issue. if you can add the CVE ids to factory that would be great.

Comment 27 Swamp Workflow Management 2017-07-07 04:59:18 UTC

An update workflow for this issue was started.
This issue was rated as important.
Please submit fixed packages until 2017-07-14.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/63759

Comment 29 Bernhard Wiedemann 2017-07-07 10:00:28 UTC

This is an autogenerated message for OBS integration:
This bug (1035283) was mentioned in
https://build.opensuse.org/request/show/508731 Factory / xorg-x11-server
https://build.opensuse.org/request/show/508736 42.2 / xorg-x11-server

Comment 30 Bernhard Wiedemann 2017-07-10 14:00:30 UTC

This is an autogenerated message for OBS integration:
This bug (1035283) was mentioned in
https://build.opensuse.org/request/show/509178 42.3 / xorg-x11-server

Comment 36 Bernhard Wiedemann 2017-07-12 10:00:27 UTC

This is an autogenerated message for OBS integration:
This bug (1035283) was mentioned in
https://build.opensuse.org/request/show/509658 42.3 / xorg-x11-server

Comment 37 Swamp Workflow Management 2017-07-12 19:12:05 UTC

SUSE-SU-2017:1850-1: An update that fixes two vulnerabilities is now available.

Category: security (important)
Bug References: 1035283
CVE References: CVE-2017-10971,CVE-2017-10972
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    xorg-x11-server-7.4-27.121.2
SUSE Linux Enterprise Server 11-SP4 (src):    xorg-x11-server-7.4-27.121.2
SUSE Linux Enterprise Server 11-SP3-LTSS (src):    xorg-x11-server-7.4-27.121.2
SUSE Linux Enterprise Point of Sale 11-SP3 (src):    xorg-x11-server-7.4-27.121.2
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    xorg-x11-server-7.4-27.121.2
SUSE Linux Enterprise Debuginfo 11-SP3 (src):    xorg-x11-server-7.4-27.121.2

Comment 39 Swamp Workflow Management 2017-07-14 13:10:21 UTC

SUSE-SU-2017:1859-1: An update that fixes two vulnerabilities is now available.

Category: security (important)
Bug References: 1035283
CVE References: CVE-2017-10971,CVE-2017-10972
Sources used:
SUSE OpenStack Cloud 6 (src):    xorg-x11-server-7.6_1.15.2-53.3.1
SUSE Linux Enterprise Server for SAP 12-SP1 (src):    xorg-x11-server-7.6_1.15.2-53.3.1
SUSE Linux Enterprise Server 12-SP1-LTSS (src):    xorg-x11-server-7.6_1.15.2-53.3.1

Comment 40 Swamp Workflow Management 2017-07-14 13:10:51 UTC

SUSE-SU-2017:1860-1: An update that fixes two vulnerabilities is now available.

Category: security (important)
Bug References: 1035283
CVE References: CVE-2017-10971,CVE-2017-10972
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP2 (src):    xorg-x11-server-7.6_1.18.3-74.2
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src):    xorg-x11-server-7.6_1.18.3-74.2
SUSE Linux Enterprise Server 12-SP2 (src):    xorg-x11-server-7.6_1.18.3-74.2
SUSE Linux Enterprise Desktop 12-SP2 (src):    xorg-x11-server-7.6_1.18.3-74.2

Comment 41 Swamp Workflow Management 2017-07-14 13:11:14 UTC

SUSE-SU-2017:1861-1: An update that fixes two vulnerabilities is now available.

Category: security (important)
Bug References: 1035283
CVE References: CVE-2017-10971,CVE-2017-10972
Sources used:
SUSE Linux Enterprise Server for SAP 12 (src):    xorg-x11-server-7.6_1.15.2-30.22.1
SUSE Linux Enterprise Server 12-LTSS (src):    xorg-x11-server-7.6_1.15.2-30.22.1

Comment 42 Swamp Workflow Management 2017-07-15 13:09:34 UTC

openSUSE-SU-2017:1885-1: An update that fixes two vulnerabilities is now available.

Category: security (important)
Bug References: 1025084,1035283
CVE References: CVE-2017-10971,CVE-2017-10972
Sources used:
openSUSE Leap 42.2 (src):    xorg-x11-server-7.6_1.18.3-12.20.1

Comment 44 Marcus Meissner 2017-10-25 19:40:36 UTC

released