Vulnerability CVE-2017-12183: Information

Description

xorg-x11-server before 1.19.5 was missing length validation in XFIXES extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2017-12183

Published: Jan. 24, 2018

Modified: Oct. 10, 2019

Error type identifier: CWE-20

Fixed packages

Package name	Branch	Fixed in version	Version from repository	Errata ID	Task #	State
xorg-server	sisyphus	1.19.5-alt1	21.1.13-alt1	ALT-PU-2017-2438-1	190874	Fixed
xorg-server	p10	1.19.5-alt1	1.20.14-alt12	ALT-PU-2017-2438-1	190874	Fixed
xorg-server	p9	1.19.5-alt1	1.20.8-alt12	ALT-PU-2017-2438-1	190874	Fixed
xorg-server	p8	1.18.4-alt1.M80P.6	1.19.7-alt0.M80P.1	ALT-PU-2017-2439-1	190873	Fixed
xorg-server	c10f1	1.19.5-alt1	1.20.14-alt12	ALT-PU-2017-2438-1	190874	Fixed
xorg-server	c9f2	1.19.5-alt1	1.20.8-alt12	ALT-PU-2017-2438-1	190874	Fixed
xorg-server	c7	1.14.5-alt3.M70C.4	1.14.5-alt3.M70C.4	ALT-PU-2017-2473-1	191181	Fixed

References to Advisories, Solutions, and Tools

Hyperlink	Resource
https://cgit.freedesktop.org/xorg/xserver/commit/?id=55caa8b08c84af2b50fbc936cf334a5a93dd7db5	Patch Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1509224	Issue Tracking Patch Third Party Advisory VDB Entry
DSA-4000	Third Party Advisory
GLSA-201711-05	Third Party Advisory VDB Entry
[debian-lts-announce] 20171122 [SECURITY] [DLA 1186-1] xorg-server security update	Mailing List Third Party Advisory

Affected configurations:
1. Configuration 1
  cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
  cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
  
  Configuration 2
  cpe:2.3:a:x.org:xorg-server:*:*:*:*:*:*:*:*
  End excliding
  1.19.5

Version: v24.5.0

Vulnerability CVE-2017-12183: Information

Description

Fixed packages

References to Advisories, Solutions, and Tools

Configuration 1

Configuration 2