CLD-63 Details

Other IDs this deficiency may be known by:

CVE ID CVE-2017-13721 (nvd) (mitre) (debian) (archlinux) (red hat) (suse) (ubuntu)
Other ID(s)

Basic Information:

Affected Package(s) xorg-server
Deficiency Type SECURITY
Date Created 2017-10-06 08:52:07
Date Last Modified 2017-10-06 09:14:04

Version Specific Information:

Cucumber 1.0 i686fixed in xorg-server-1.18.1-i686-4
Cucumber 1.0 x86_64fixed in xorg-server-1.18.1-x86_64-4

Cucumber 1.1 i686 fixed in xorg-server-1.18.1-i686-4
Cucumber 1.1 x86_64 fixed in xorg-server-1.18.1-x86_64-4

Details:

Official Patch:
https://cgit.freedesktop.org/xorg/xserver/commit/?id=b95f25af141d33a65f6f821ea9c003f66a01e1f1

Xext/shm: Validate shmseg resource id (CVE-2017-13721)
Otherwise it can belong to a non-existing client and abort X server with
FatalError "client not in use", or overwrite existing segment of another
existing client.