LISTSERV - SCIENTIFIC-LINUX-ERRATA Archives

SCIENTIFIC-LINUX-ERRATA Archives

August 2017

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV

	LISTSERV Archives
	SCIENTIFIC-LINUX-ERRATA Home
	SCIENTIFIC-LINUX-ERRATA August 2017

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives
Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]
Subject:	Security ERRATA Moderate: X.org X11 libraries on SL7.x x86_64
From:	Pat Riehecky <[log in to unmask]>
Reply To:	[log in to unmask]
Date:	Mon, 21 Aug 2017 15:43:36 -0000
Content-Type:	text/plain
Parts/Attachments:	text/plain (262 lines)
Synopsis:          Moderate: X.org X11 libraries security, bug fix and 
Advisory ID:       SLSA-2017:1865-1
Issue Date:        2017-08-01
CVE Numbers:       CVE-2016-10164
                   CVE-2017-2625
                   CVE-2017-2626
--

The following packages have been upgraded to a later upstream version:
libX11 (1.6.5), libXaw (1.0.13), libXdmcp (1.1.2), libXfixes (5.0.3),
libXfont (1.5.2), libXi (1.7.9), libXpm (3.5.12), libXrandr (1.5.1),
libXrender (0.9.10), libXt (1.1.5), libXtst (1.2.3), libXv (1.0.11),
libXvMC (1.0.10), libXxf86vm (1.1.4), libdrm (2.4.74), libepoxy (1.3.1),
libevdev (1.5.6), libfontenc (1.1.3), libvdpau (1.1.1), libwacom (0.24),
libxcb (1.12), libxkbfile (1.0.9), mesa (17.0.1), mesa-private-llvm
(3.9.1), xcb-proto (1.12), xkeyboard-config (2.20), xorg-x11-proto-devel
(7.7).

Security Fix(es):

* An integer overflow flaw leading to a heap-based buffer overflow was
found in libXpm. An attacker could use this flaw to crash an application
using libXpm via a specially crafted XPM file. (CVE-2016-10164)

* It was discovered that libXdmcp used weak entropy to generate session
keys. On a multi-user system using xdmcp, a local attacker could
potentially use information available from the process list to brute force
the key, allowing them to hijack other users' sessions. (CVE-2017-2625)

* It was discovered that libICE used a weak entropy to generate keys. A
local attacker could potentially use this flaw for session hijacking using
the information available from the process list. (CVE-2017-2626)
--

SL7
  x86_64
    libICE-1.0.9-9.el7.i686.rpm
    libICE-1.0.9-9.el7.x86_64.rpm
    libICE-debuginfo-1.0.9-9.el7.i686.rpm
    libICE-debuginfo-1.0.9-9.el7.x86_64.rpm
    libX11-1.6.5-1.el7.i686.rpm
    libX11-1.6.5-1.el7.x86_64.rpm
    libX11-debuginfo-1.6.5-1.el7.i686.rpm
    libX11-debuginfo-1.6.5-1.el7.x86_64.rpm
    libXaw-1.0.13-4.el7.i686.rpm
    libXaw-1.0.13-4.el7.x86_64.rpm
    libXaw-debuginfo-1.0.13-4.el7.i686.rpm
    libXaw-debuginfo-1.0.13-4.el7.x86_64.rpm
    libXcursor-1.1.14-8.el7.i686.rpm
    libXcursor-1.1.14-8.el7.x86_64.rpm
    libXcursor-debuginfo-1.1.14-8.el7.i686.rpm
    libXcursor-debuginfo-1.1.14-8.el7.x86_64.rpm
    libXdmcp-1.1.2-6.el7.i686.rpm
    libXdmcp-1.1.2-6.el7.x86_64.rpm
    libXdmcp-debuginfo-1.1.2-6.el7.i686.rpm
    libXdmcp-debuginfo-1.1.2-6.el7.x86_64.rpm
    libXfixes-5.0.3-1.el7.i686.rpm
    libXfixes-5.0.3-1.el7.x86_64.rpm
    libXfixes-debuginfo-5.0.3-1.el7.i686.rpm
    libXfixes-debuginfo-5.0.3-1.el7.x86_64.rpm
    libXfont-1.5.2-1.el7.i686.rpm
    libXfont-1.5.2-1.el7.x86_64.rpm
    libXfont-debuginfo-1.5.2-1.el7.i686.rpm
    libXfont-debuginfo-1.5.2-1.el7.x86_64.rpm
    libXfont2-2.0.1-2.el7.i686.rpm
    libXfont2-2.0.1-2.el7.x86_64.rpm
    libXfont2-debuginfo-2.0.1-2.el7.i686.rpm
    libXfont2-debuginfo-2.0.1-2.el7.x86_64.rpm
    libXi-1.7.9-1.el7.i686.rpm
    libXi-1.7.9-1.el7.x86_64.rpm
    libXi-debuginfo-1.7.9-1.el7.i686.rpm
    libXi-debuginfo-1.7.9-1.el7.x86_64.rpm
    libXpm-3.5.12-1.el7.i686.rpm
    libXpm-3.5.12-1.el7.x86_64.rpm
    libXpm-debuginfo-3.5.12-1.el7.i686.rpm
    libXpm-debuginfo-3.5.12-1.el7.x86_64.rpm
    libXrandr-1.5.1-2.el7.i686.rpm
    libXrandr-1.5.1-2.el7.x86_64.rpm
    libXrandr-debuginfo-1.5.1-2.el7.i686.rpm
    libXrandr-debuginfo-1.5.1-2.el7.x86_64.rpm
    libXrender-0.9.10-1.el7.i686.rpm
    libXrender-0.9.10-1.el7.x86_64.rpm
    libXrender-debuginfo-0.9.10-1.el7.i686.rpm
    libXrender-debuginfo-0.9.10-1.el7.x86_64.rpm
    libXt-1.1.5-3.el7.i686.rpm
    libXt-1.1.5-3.el7.x86_64.rpm
    libXt-debuginfo-1.1.5-3.el7.i686.rpm
    libXt-debuginfo-1.1.5-3.el7.x86_64.rpm
    libXtst-1.2.3-1.el7.i686.rpm
    libXtst-1.2.3-1.el7.x86_64.rpm
    libXtst-debuginfo-1.2.3-1.el7.i686.rpm
    libXtst-debuginfo-1.2.3-1.el7.x86_64.rpm
    libXv-1.0.11-1.el7.i686.rpm
    libXv-1.0.11-1.el7.x86_64.rpm
    libXv-debuginfo-1.0.11-1.el7.i686.rpm
    libXv-debuginfo-1.0.11-1.el7.x86_64.rpm
    libXvMC-1.0.10-1.el7.i686.rpm
    libXvMC-1.0.10-1.el7.x86_64.rpm
    libXvMC-debuginfo-1.0.10-1.el7.i686.rpm
    libXvMC-debuginfo-1.0.10-1.el7.x86_64.rpm
    libXxf86vm-1.1.4-1.el7.i686.rpm
    libXxf86vm-1.1.4-1.el7.x86_64.rpm
    libXxf86vm-debuginfo-1.1.4-1.el7.i686.rpm
    libXxf86vm-debuginfo-1.1.4-1.el7.x86_64.rpm
    libdrm-2.4.74-1.el7.i686.rpm
    libdrm-2.4.74-1.el7.x86_64.rpm
    libdrm-debuginfo-2.4.74-1.el7.i686.rpm
    libdrm-debuginfo-2.4.74-1.el7.x86_64.rpm
    libepoxy-1.3.1-1.el7.i686.rpm
    libepoxy-1.3.1-1.el7.x86_64.rpm
    libepoxy-debuginfo-1.3.1-1.el7.i686.rpm
    libepoxy-debuginfo-1.3.1-1.el7.x86_64.rpm
    libevdev-1.5.6-1.el7.i686.rpm
    libevdev-1.5.6-1.el7.x86_64.rpm
    libevdev-debuginfo-1.5.6-1.el7.i686.rpm
    libevdev-debuginfo-1.5.6-1.el7.x86_64.rpm
    libfontenc-1.1.3-3.el7.i686.rpm
    libfontenc-1.1.3-3.el7.x86_64.rpm
    libfontenc-debuginfo-1.1.3-3.el7.i686.rpm
    libfontenc-debuginfo-1.1.3-3.el7.x86_64.rpm
    libinput-1.6.3-2.el7.i686.rpm
    libinput-1.6.3-2.el7.x86_64.rpm
    libinput-debuginfo-1.6.3-2.el7.i686.rpm
    libinput-debuginfo-1.6.3-2.el7.x86_64.rpm
    libvdpau-1.1.1-3.el7.i686.rpm
    libvdpau-1.1.1-3.el7.x86_64.rpm
    libvdpau-debuginfo-1.1.1-3.el7.i686.rpm
    libvdpau-debuginfo-1.1.1-3.el7.x86_64.rpm
    libwacom-0.24-1.el7.i686.rpm
    libwacom-0.24-1.el7.x86_64.rpm
    libwacom-debuginfo-0.24-1.el7.i686.rpm
    libwacom-debuginfo-0.24-1.el7.x86_64.rpm
    libxcb-1.12-1.el7.i686.rpm
    libxcb-1.12-1.el7.x86_64.rpm
    libxcb-debuginfo-1.12-1.el7.i686.rpm
    libxcb-debuginfo-1.12-1.el7.x86_64.rpm
    libxkbcommon-0.7.1-1.el7.i686.rpm
    libxkbcommon-0.7.1-1.el7.x86_64.rpm
    libxkbcommon-debuginfo-0.7.1-1.el7.i686.rpm
    libxkbcommon-debuginfo-0.7.1-1.el7.x86_64.rpm
    libxkbcommon-x11-0.7.1-1.el7.i686.rpm
    libxkbcommon-x11-0.7.1-1.el7.x86_64.rpm
    libxkbfile-1.0.9-3.el7.i686.rpm
    libxkbfile-1.0.9-3.el7.x86_64.rpm
    libxkbfile-debuginfo-1.0.9-3.el7.i686.rpm
    libxkbfile-debuginfo-1.0.9-3.el7.x86_64.rpm
    mesa-debuginfo-17.0.1-6.20170307.el7.i686.rpm
    mesa-debuginfo-17.0.1-6.20170307.el7.x86_64.rpm
    mesa-dri-drivers-17.0.1-6.20170307.el7.i686.rpm
    mesa-dri-drivers-17.0.1-6.20170307.el7.x86_64.rpm
    mesa-filesystem-17.0.1-6.20170307.el7.i686.rpm
    mesa-filesystem-17.0.1-6.20170307.el7.x86_64.rpm
    mesa-libEGL-17.0.1-6.20170307.el7.i686.rpm
    mesa-libEGL-17.0.1-6.20170307.el7.x86_64.rpm
    mesa-libGL-17.0.1-6.20170307.el7.i686.rpm
    mesa-libGL-17.0.1-6.20170307.el7.x86_64.rpm
    mesa-libGLES-17.0.1-6.20170307.el7.i686.rpm
    mesa-libGLES-17.0.1-6.20170307.el7.x86_64.rpm
    mesa-libgbm-17.0.1-6.20170307.el7.i686.rpm
    mesa-libgbm-17.0.1-6.20170307.el7.x86_64.rpm
    mesa-libglapi-17.0.1-6.20170307.el7.i686.rpm
    mesa-libglapi-17.0.1-6.20170307.el7.x86_64.rpm
    mesa-libxatracker-17.0.1-6.20170307.el7.i686.rpm
    mesa-libxatracker-17.0.1-6.20170307.el7.x86_64.rpm
    mesa-private-llvm-3.9.1-3.el7.i686.rpm
    mesa-private-llvm-3.9.1-3.el7.x86_64.rpm
    mesa-private-llvm-debuginfo-3.9.1-3.el7.i686.rpm
    mesa-private-llvm-debuginfo-3.9.1-3.el7.x86_64.rpm
    drm-utils-2.4.74-1.el7.x86_64.rpm
    libICE-devel-1.0.9-9.el7.i686.rpm
    libICE-devel-1.0.9-9.el7.x86_64.rpm
    libX11-devel-1.6.5-1.el7.i686.rpm
    libX11-devel-1.6.5-1.el7.x86_64.rpm
    libXaw-devel-1.0.13-4.el7.i686.rpm
    libXaw-devel-1.0.13-4.el7.x86_64.rpm
    libXcursor-devel-1.1.14-8.el7.i686.rpm
    libXcursor-devel-1.1.14-8.el7.x86_64.rpm
    libXdmcp-devel-1.1.2-6.el7.i686.rpm
    libXdmcp-devel-1.1.2-6.el7.x86_64.rpm
    libXfixes-devel-5.0.3-1.el7.i686.rpm
    libXfixes-devel-5.0.3-1.el7.x86_64.rpm
    libXfont-devel-1.5.2-1.el7.i686.rpm
    libXfont-devel-1.5.2-1.el7.x86_64.rpm
    libXfont2-devel-2.0.1-2.el7.i686.rpm
    libXfont2-devel-2.0.1-2.el7.x86_64.rpm
    libXi-devel-1.7.9-1.el7.i686.rpm
    libXi-devel-1.7.9-1.el7.x86_64.rpm
    libXpm-devel-3.5.12-1.el7.i686.rpm
    libXpm-devel-3.5.12-1.el7.x86_64.rpm
    libXrandr-devel-1.5.1-2.el7.i686.rpm
    libXrandr-devel-1.5.1-2.el7.x86_64.rpm
    libXrender-devel-0.9.10-1.el7.i686.rpm
    libXrender-devel-0.9.10-1.el7.x86_64.rpm
    libXt-devel-1.1.5-3.el7.i686.rpm
    libXt-devel-1.1.5-3.el7.x86_64.rpm
    libXtst-devel-1.2.3-1.el7.i686.rpm
    libXtst-devel-1.2.3-1.el7.x86_64.rpm
    libXv-devel-1.0.11-1.el7.i686.rpm
    libXv-devel-1.0.11-1.el7.x86_64.rpm
    libXvMC-devel-1.0.10-1.el7.i686.rpm
    libXvMC-devel-1.0.10-1.el7.x86_64.rpm
    libXxf86vm-devel-1.1.4-1.el7.i686.rpm
    libXxf86vm-devel-1.1.4-1.el7.x86_64.rpm
    libdrm-devel-2.4.74-1.el7.i686.rpm
    libdrm-devel-2.4.74-1.el7.x86_64.rpm
    libepoxy-devel-1.3.1-1.el7.i686.rpm
    libepoxy-devel-1.3.1-1.el7.x86_64.rpm
    libevdev-devel-1.5.6-1.el7.i686.rpm
    libevdev-devel-1.5.6-1.el7.x86_64.rpm
    libevdev-utils-1.5.6-1.el7.x86_64.rpm
    libfontenc-devel-1.1.3-3.el7.i686.rpm
    libfontenc-devel-1.1.3-3.el7.x86_64.rpm
    libinput-devel-1.6.3-2.el7.i686.rpm
    libinput-devel-1.6.3-2.el7.x86_64.rpm
    libvdpau-devel-1.1.1-3.el7.i686.rpm
    libvdpau-devel-1.1.1-3.el7.x86_64.rpm
    libwacom-devel-0.24-1.el7.i686.rpm
    libwacom-devel-0.24-1.el7.x86_64.rpm
    libxcb-devel-1.12-1.el7.i686.rpm
    libxcb-devel-1.12-1.el7.x86_64.rpm
    libxkbcommon-devel-0.7.1-1.el7.i686.rpm
    libxkbcommon-devel-0.7.1-1.el7.x86_64.rpm
    libxkbcommon-x11-devel-0.7.1-1.el7.i686.rpm
    libxkbcommon-x11-devel-0.7.1-1.el7.x86_64.rpm
    libxkbfile-devel-1.0.9-3.el7.i686.rpm
    libxkbfile-devel-1.0.9-3.el7.x86_64.rpm
    mesa-libEGL-devel-17.0.1-6.20170307.el7.i686.rpm
    mesa-libEGL-devel-17.0.1-6.20170307.el7.x86_64.rpm
    mesa-libGL-devel-17.0.1-6.20170307.el7.i686.rpm
    mesa-libGL-devel-17.0.1-6.20170307.el7.x86_64.rpm
    mesa-libGLES-devel-17.0.1-6.20170307.el7.i686.rpm
    mesa-libGLES-devel-17.0.1-6.20170307.el7.x86_64.rpm
    mesa-libOSMesa-17.0.1-6.20170307.el7.i686.rpm
    mesa-libOSMesa-17.0.1-6.20170307.el7.x86_64.rpm
    mesa-libOSMesa-devel-17.0.1-6.20170307.el7.i686.rpm
    mesa-libOSMesa-devel-17.0.1-6.20170307.el7.x86_64.rpm
    mesa-libgbm-devel-17.0.1-6.20170307.el7.i686.rpm
    mesa-libgbm-devel-17.0.1-6.20170307.el7.x86_64.rpm
    mesa-libxatracker-devel-17.0.1-6.20170307.el7.i686.rpm
    mesa-libxatracker-devel-17.0.1-6.20170307.el7.x86_64.rpm
    mesa-private-llvm-devel-3.9.1-3.el7.i686.rpm
    mesa-private-llvm-devel-3.9.1-3.el7.x86_64.rpm
    mesa-vulkan-drivers-17.0.1-6.20170307.el7.x86_64.rpm
    vulkan-1.0.39.1-2.el7.i686.rpm
    vulkan-1.0.39.1-2.el7.x86_64.rpm
    vulkan-debuginfo-1.0.39.1-2.el7.i686.rpm
    vulkan-debuginfo-1.0.39.1-2.el7.x86_64.rpm
    vulkan-devel-1.0.39.1-2.el7.i686.rpm
    vulkan-devel-1.0.39.1-2.el7.x86_64.rpm
  noarch
    libX11-common-1.6.5-1.el7.noarch.rpm
    libwacom-data-0.24-1.el7.noarch.rpm
    xkeyboard-config-2.20-1.el7.noarch.rpm
    libvdpau-docs-1.1.1-3.el7.noarch.rpm
    libxcb-doc-1.12-1.el7.noarch.rpm
    vulkan-filesystem-1.0.39.1-2.el7.noarch.rpm
    xcb-proto-1.12-2.el7.noarch.rpm
    xkeyboard-config-devel-2.20-1.el7.noarch.rpm
    xorg-x11-proto-devel-7.7-20.el7.noarch.rpm

- Scientific Linux Development Team
ATOM RSS1 RSS2
LISTSERV.FNAL.GOV