[SECURITY] [DLA 1026-1] xorg-server security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Package : xorg-server
Version : 2:1.12.4-6+deb7u7
CVE ID : CVE-2017-10971 CVE-2017-10972
Debian Bug : 867492 867492
CVE-2017-10971
A user authenticated to an X Session could crash or execute code in the
context of the X Server by exploiting a stack overflow in the endianness
conversion of X Events.
CVE-2017-10972
Uninitialized data in endianness conversion in the XEvent handling of the
X.Org X Server allowed authenticated malicious users to access potentially
privileged data from the X server.
For Debian 7 "Wheezy", these problems have been fixed in version
2:1.12.4-6+deb7u7.
We recommend that you upgrade your xorg-server packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEjtbD+LrJ23/BMKhw+COicpiDyXwFAllouB4ACgkQ+COicpiD
yXzyVw/+LgBXoB7lEUs4la1C4qUrt0VomKI5xstr/V0mNGPE9+W/xD7C1/UcvPwX
PbmL9HiWGcf51ygQ786GjcoVWsDWiKAiaQsygoE9sd8hW4/wIrMlsGjNzLZIowjv
8UUG62ff0Oj0G24YLVfBcVTdyHuw0Ns3qJQVIeVphv45CLetGYBwGJxO3W8E37fv
z0vAbNG/iqyHGWRRIETLNF+zgdu5vA5yZFCSnkBQ03Uu5pzAsVTkeI5kUTtOWRPv
ru1MxDoMQHVia4kK6CddeNNe8qseE6V5QtROUFhdPDvkcHcYuj3DJVlpzev8EgwX
0jCFZ5Wvsm0L3qrDFTd/ycG+uNBM2dKzQ48BE/VTTb78IDWMKMPDCRJYXEbEAEJu
dygMdqbNMWvtbrpTEdWxrcjg9LvFdDOq7pVdbxWjxeYMxd+XecT1LDaLW6vwEguq
QYvcYVM7b5Mn88vxV3lddQ2S3SyvEyk/VOUruxFuUI8KfOC/nonZHjCO3eVetOrN
CV8SqCInk0/M9lkWKG0W2kZhsSxeF+R2A1XEXXfPcBtipw8pBYeQ3/l0WWbLbufW
hP1quLpaGIpvL5CUxOJUb8HPfDp0omy5cYTKGTI51blR38qIJCRU+Sw8ba5hnhtL
/IMaajWKZVnoggTBp5fEnQzoVnMlgWp/2ZGH9DhmMAkHbf+9Hb8=
=TUl7
-----END PGP SIGNATURE-----
Reply to: