Synopsis: Important: xorg-x11-server security update
Advisory ID: SLSA-2014:1983-1
Issue Date: 2014-12-11
CVE Numbers: CVE-2014-8091
CVE-2014-8092
CVE-2014-8093
CVE-2014-8095
CVE-2014-8096
CVE-2014-8097
CVE-2014-8098
CVE-2014-8099
CVE-2014-8100
CVE-2014-8101
CVE-2014-8102
CVE-2014-8094
CVE-2014-8103
—
Multiple integer overflow flaws and out-of-bounds write flaws were found
in the way the X.Org server calculated memory requirements for certain X11
core protocol and GLX extension requests. A malicious, authenticated
client could use either of these flaws to crash the X.Org server or,
potentially, execute arbitrary code with root privileges. (CVE-2014-8092,
CVE-2014-8093, CVE-2014-8098)
It was found that the X.Org server did not properly handle SUN-DES-1
(Secure RPC) authentication credentials. A malicious, unauthenticated
client could use this flaw to crash the X.Org server by submitting a
specially crafted authentication request. (CVE-2014-8091)
Multiple out-of-bounds access flaws were found in the way the X.Org server
calculated memory requirements for certain requests. A malicious,
authenticated client could use either of these flaws to crash the X.Org
server, or leak memory contents to the client. (CVE-2014-8097)
An integer overflow flaw was found in the way the X.Org server calculated
memory requirements for certain DRI2 extension requests. A malicious,
authenticated client could use this flaw to crash the X.Org server.
(CVE-2014-8094)
Multiple out-of-bounds access flaws were found in the way the X.Org server
calculated memory requirements for certain requests. A malicious,
authenticated client could use either of these flaws to crash the X.Org
server. (CVE-2014-8095, CVE-2014-8096, CVE-2014-8099, CVE-2014-8100,
CVE-2014-8101, CVE-2014-8102, CVE-2014-8103)
—
SL6
x86_64
xorg-x11-server-Xephyr-1.15.0-25.sl6.x86_64.rpm
xorg-x11-server-Xorg-1.15.0-25.sl6.x86_64.rpm
xorg-x11-server-common-1.15.0-25.sl6.x86_64.rpm
xorg-x11-server-debuginfo-1.15.0-25.sl6.x86_64.rpm
xorg-x11-server-Xdmx-1.15.0-25.sl6.x86_64.rpm
xorg-x11-server-Xnest-1.15.0-25.sl6.x86_64.rpm
xorg-x11-server-Xvfb-1.15.0-25.sl6.x86_64.rpm
xorg-x11-server-debuginfo-1.15.0-25.sl6.i686.rpm
xorg-x11-server-devel-1.15.0-25.sl6.i686.rpm
xorg-x11-server-devel-1.15.0-25.sl6.x86_64.rpm
i386
xorg-x11-server-Xephyr-1.15.0-25.sl6.i686.rpm
xorg-x11-server-Xorg-1.15.0-25.sl6.i686.rpm
xorg-x11-server-common-1.15.0-25.sl6.i686.rpm
xorg-x11-server-debuginfo-1.15.0-25.sl6.i686.rpm
xorg-x11-server-Xdmx-1.15.0-25.sl6.i686.rpm
xorg-x11-server-Xnest-1.15.0-25.sl6.i686.rpm
xorg-x11-server-Xvfb-1.15.0-25.sl6.i686.rpm
xorg-x11-server-devel-1.15.0-25.sl6.i686.rpm
noarch
xorg-x11-server-source-1.15.0-25.sl6.noarch.rpm
SL7
x86_64
xorg-x11-server-Xephyr-1.15.0-7.el7_0.3.x86_64.rpm
xorg-x11-server-Xorg-1.15.0-7.el7_0.3.x86_64.rpm
xorg-x11-server-common-1.15.0-7.el7_0.3.x86_64.rpm
xorg-x11-server-debuginfo-1.15.0-7.el7_0.3.x86_64.rpm
xorg-x11-server-Xdmx-1.15.0-7.el7_0.3.x86_64.rpm
xorg-x11-server-Xnest-1.15.0-7.el7_0.3.x86_64.rpm
xorg-x11-server-Xvfb-1.15.0-7.el7_0.3.x86_64.rpm
xorg-x11-server-debuginfo-1.15.0-7.el7_0.3.i686.rpm
xorg-x11-server-devel-1.15.0-7.el7_0.3.i686.rpm
xorg-x11-server-devel-1.15.0-7.el7_0.3.x86_64.rpm
noarch
xorg-x11-server-source-1.15.0-7.el7_0.3.noarch.rpm
– Scientific Linux Development Team
