Alerts This Week
Warning Icon 1 692
Alerts This Week
Warning Icon 1 692

Fedora 22 Xorg X11 Server Update: Critical XWayland Access Issue

fedora
Calendar Grey June 23, 2015
Dist Fedora Esm H88
The latest upstream release of xserver 1.17.2 resolves significant access concerns encountered during the startup process of the XWayland server.
Upstream stable release of xserver 1.17.2 fix bug with glamor and overlapping copies (CVE-2015-3164) Due to an omission in authentication setup, the XWayland server would start up ...

Summary

X.Org X11 X server

Update Information:

Upstream stable release of xserver 1.17.2 fix bug with glamor and overlapping copies (CVE-2015-3164) Due to an omission in authentication setup, the XWayland server would start up in non-authenticating mode, meaning that any client with access to the server's UNIX socket was able to connect to the server and use it as a regular client. https://lists.freedesktop.org/archives/wayland-devel/2015-June/022548.html

Topics%20covered

Topics Covered

security advisory fedora access issue security patch xorg server authentication setup xwayland

Change Log

* Tue Jun 16 2015 Adam Jackson 1.17.2-1 - xserver 1.17.2 * Tue Jun 16 2015 Dave Airlie 1.17.1-16 - fix bug with glamor and overlapping copies * Wed Jun 10 2015 Ray Strode 1.17.1-15 - CVE-2015-3164 * Tue May 26 2015 Peter Hutterer 1.17.1-14 - Add the unaccelerated valuator masks, fixes nonmoving mouse in SDL (#1208992) * Wed May 20 2015 Kalev Lember - 1.17.1-13 - Obsolete xorg-x11-drv-void * Tue May 19 2015 Hans de Goede - 1.17.1-12 - Fix "start -- vt7" not working fix breaking headless setups (#1203780)

References


[ 1 ] Bug #1232131 - CVE-2015-3164 xorg-x11-server: Xwayland allows unconditional open access to display [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1232131

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update xorg-x11-server' at the command line. For more information, refer to "Managing Software with yum", available at .

Severity
critical
Lowest
Low
Medium
High
Critical

Name: xorg-x11-server
Product: Fedora 22
Version: 1.17.2
Release: 1.fc22
URL: https://www.x.org/wiki/
Summary: X.Org X11 X server

Topics%20covered

Topics Covered

security advisory fedora access issue security patch xorg server authentication setup xwayland

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here