Bug 1052984 - (CVE-2017-13721) VUL-0: CVE-2017-13721: xorg-x11-server: Xext/shm: Validate shmseg resource id.
(CVE-2017-13721)
VUL-0: CVE-2017-13721: xorg-x11-server: Xext/shm: Validate shmseg resource id.
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Normal
: ---
Assigned To: Security Team bot
Security Team bot
https://smash.suse.de/issue/190132/
CVSSv3:SUSE:CVE-2017-13721:6.6:(AV:L/...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2017-08-09 12:10 UTC by Marcus Meissner
Modified: 2018-05-25 22:37 UTC (History)
1 user (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Comment 5 Marcus Meissner 2017-08-29 09:17:41 UTC
CVE-2017-13721 assigned by Mitre.
Comment 7 Michal Srb 2017-09-04 15:11:11 UTC
Submitted, reassigning to security team.
Comment 11 Marcus Meissner 2017-10-11 12:10:05 UTC
Date: Wed, 4 Oct 2017 15:24:18 -0700
From: Alan Coopersmith <alan.coopersmith@...cle.com>
To: oss-security@...ts.openwall.com
Cc: "X.Org Security Team" <xorg-security@...ts.x.org>
Subject: Fwd: X server fixes for CVE-2017-13721 & CVE-2017-13723

-------- Forwarded Message --------
Subject: X server fixes for CVE-2017-13721 & CVE-2017-13723
Date: Wed, 4 Oct 2017 15:22:58 -0700
From: Alan Coopersmith <alan.coopersmith@...cle.com>
Reply-To: xorg@...ts.freedesktop.org
To: xorg-announce@...ts.x.org

The X.Org Foundation today published fixes for CVE-2017-13721 & CVE-2017-13723
as part of the xorg-server 1.19.4 release.

Git commits for these vulnerabilities:
https://cgit.freedesktop.org/xorg/xserver/commit/?id=b95f25af141d33a65f6f821ea9c003f66a01e1f1
https://cgit.freedesktop.org/xorg/xserver/commit/?id=94f11ca5cf011ef123bd222cabeaef6f424d76ac

xorg-server 1.19.4 announcement:
https://lists.x.org/archives/xorg-announce/2017-October/002808.html

X.Org thanks Michal Srb of SuSE for finding these issues and bringing them to
our attention, Julien Cristau of Debian for getting the fixes integrated, and
Adam Jackson of Red Hat for publishing the release.

-- 
	-Alan Coopersmith-              alan.coopersmith@...cle.com
	  X.Org Security Response Team - xorg-security@...ts.x.org
_______________________________________________
Comment 13 Swamp Workflow Management 2017-11-22 20:10:20 UTC
SUSE-SU-2017:3047-1: An update that fixes 14 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1022727,1051150,1052984,1061107,1063034,1063035,1063037,1063038,1063039,1063040,1063041
CVE References: CVE-2017-12176,CVE-2017-12177,CVE-2017-12178,CVE-2017-12179,CVE-2017-12180,CVE-2017-12181,CVE-2017-12182,CVE-2017-12183,CVE-2017-12184,CVE-2017-12185,CVE-2017-12186,CVE-2017-12187,CVE-2017-13721,CVE-2017-13723
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP3 (src):    xorg-x11-server-7.6_1.18.3-76.15.2
SUSE Linux Enterprise Software Development Kit 12-SP2 (src):    xorg-x11-server-7.6_1.18.3-76.15.2
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src):    xorg-x11-server-7.6_1.18.3-76.15.2
SUSE Linux Enterprise Server 12-SP3 (src):    xorg-x11-server-7.6_1.18.3-76.15.2
SUSE Linux Enterprise Server 12-SP2 (src):    xorg-x11-server-7.6_1.18.3-76.15.2
SUSE Linux Enterprise Desktop 12-SP3 (src):    xorg-x11-server-7.6_1.18.3-76.15.2
SUSE Linux Enterprise Desktop 12-SP2 (src):    xorg-x11-server-7.6_1.18.3-76.15.2
Comment 14 Marcus Meissner 2017-12-27 20:23:29 UTC
released