漏洞类别:Ubuntu
漏洞等级: 
漏洞信息
It was discovered that the X.Org X server incorrectly handled endianness conversion of certain X events.
It was discovered that the X.Org X server incorrectly handled endianness conversion of certain X events.
It was discovered that the X.Org X server incorrectly compared MIT cookies.
漏洞危害
An attacker able to connect to an X server, either locally or remotely, could use this issue to crash the server, or possibly execute arbitrary code as an administrator. (CVE-2017-10971)
An attacker able to connect to an X server, either locally or remotely, could use this issue to possibly obtain sensitive information. (CVE-2017-10972)
An attacker could possibly use this issue to perform a timing attack and recover the MIT cookie. (CVE-2017-2624)
解决方案
Refer to Ubuntu advisory USN-3362-1 for affected packages and patching details, or update with your package manager.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
USN-3362-1: 16.04 (Xenial) on src (xserver-xorg-core-hwe-16.04)
USN-3362-1: 17.04 (zesty) on src (xserver-xorg-core)
USN-3362-1: 16.04 (Xenial) on src (xserver-xorg-core)
USN-3362-1: 14.04 (Kylin) on src (xserver-xorg-core)
USN-3362-1: 14.04 (Kylin) on src (xserver-xorg-core-lts-xenial)
0daybank
文章评论