CLD-64 Details

Other IDs this deficiency may be known by:

CVE ID CVE-2017-13723 (nvd) (mitre) (debian) (archlinux) (red hat) (suse) (ubuntu)
Other ID(s)

Basic Information:

Affected Package(s) xorg-server
Deficiency Type SECURITY
Date Created 2017-10-06 08:52:18
Date Last Modified 2017-10-06 09:14:19

Version Specific Information:

Cucumber 1.0 i686 fixed in xorg-server-1.18.1-i686-4
Cucumber 1.0 x86_64 fixed in xorg-server-1.18.1-x86_64-4

Cucumber 1.1 i686 fixed in xorg-server-1.18.1-i686-4
Cucumber 1.1 x86_64 fixed in xorg-server-1.18.1-x86_64-4

Details:

Official Patch:
https://cgit.freedesktop.org/xorg/xserver/commit/?id=94f11ca5cf011ef123bd222cabeaef6f424d76ac

xkb: Handle xkb formated string output safely (CVE-2017-13723)
Generating strings for XKB data used a single shared static buffer,
which offered several opportunities for errors. Use a ring of
resizable buffers instead, to avoid problems when strings end up
longer than anticipated.