Alerts This Week
Warning Icon 1 692
Alerts This Week
Warning Icon 1 692

Red Hat: RHSA-2015:0800-01 Moderate: xorg-x11-server Security Vulnerability

red hat
Calendar Grey April 10, 2015
Dist Redhat Esm H88
A security patch has been released for xorg-x11-server in Red Hat Enterprise Linux, targeting a potential data exposure vulnerability.
Updated xorg-x11-server packages that fix one security issue are now available for Red Hat Enterprise Linux 6 and 7

Solution

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Summary

X.Org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon.
A buffer over-read flaw was found in the way the X.Org server handled XkbGetGeometry requests. A malicious, authorized client could use this flaw to disclose portions of the X.Org server memory, or cause the X.Org server to crash using a specially crafted XkbGetGeometry request. (CVE-2015-0255)
This issue was discovered by Olivier Fourdan of Red Hat.
All xorg-x11-server users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.

Topics%20covered

Topics Covered

security advisory moderate security update Red Hat information leak buffer over-read xorg-x11-server

References

https://access.redhat.com/security/cve/CVE-2015-0255 https://access.redhat.com/security/updates/classification#moderate https://www.x.org/wiki/Development/Security/Advisory-2015-02-10/

Package List

Red Hat Enterprise Linux Desktop (v. 6):
Source: xorg-x11-server-1.15.0-26.el6_6.src.rpm
i386: xorg-x11-server-Xephyr-1.15.0-26.el6_6.i686.rpm xorg-x11-server-Xorg-1.15.0-26.el6_6.i686.rpm xorg-x11-server-common-1.15.0-26.el6_6.i686.rpm xorg-x11-server-debuginfo-1.15.0-26.el6_6.i686.rpm
x86_64: xorg-x11-server-Xephyr-1.15.0-26.el6_6.x86_64.rpm xorg-x11-server-Xorg-1.15.0-26.el6_6.x86_64.rpm xorg-x11-server-common-1.15.0-26.el6_6.x86_64.rpm xorg-x11-server-debuginfo-1.15.0-26.el6_6.x86_64.rpm
Red Hat Enterprise Linux Desktop Optional (v. 6):
i386: xorg-x11-server-Xdmx-1.15.0-26.el6_6.i686.rpm xorg-x11-server-Xnest-1.15.0-26.el6_6.i686.rpm xorg-x11-server-Xvfb-1.15.0-26.el6_6.i686.rpm xorg-x11-server-debuginfo-1.15.0-26.el6_6.i686.rpm xorg-x11-server-devel-1.15.0-26.el6_6.i686.rpm
noarch: xorg-x11-server-source-1.15.0-26.el6_6.noarch.rpm
x86_64: xorg-x11-server-Xdmx-1.15.0-26.el6_6.x86_64.rpm xorg-x11-server-Xnest-1.15.0-26.el6_6.x86_64.rpm xorg-x11-server-Xvfb-1.15.0-26.el6_6.x86_64.rpm xorg-x11-server-debuginfo-1.15.0-26.el6_6.i686.rpm xorg-x11-server-debuginfo-1.15.0-26.el6_6.x86_64.rpm xorg-x11-server-devel-1.15.0-26.el6_6.i686.rpm xorg-x11-server-devel-1.15.0-26.el6_6.x86_64.rpm
Red Hat Enterprise Linux HPC Node Optional (v. 6):
Source:

Read the Full Advisory


Advisory ID: RHSA-2015:0797-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2015:0797.html
Issue date: 2015-04-10

Topic

Updated xorg-x11-server packages that fix one security issue are nowavailable for Red Hat Enterprise Linux 6 and 7.Red Hat Product Security has rated this update as having Moderate securityimpact. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available from the CVE link in theReferences section.

Topics%20covered

Topics Covered

security advisory moderate security update Red Hat information leak buffer over-read xorg-x11-server

Relevant Releases Architectures

Red Hat Enterprise Linux Client (v. 7) - x86_64

Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64

Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64

Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, noarch, x86_64

Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch, x86_64

Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64

Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64

Red Hat Enterprise Linux Server Optional (v. 6) - i386, noarch, ppc64, s390x, x86_64

Red Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64

Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

Red Hat Enterprise Linux Workstation (v. 7) - x86_64

Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, noarch, x86_64

Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64

Bugs Fixed

1189062 - CVE-2015-0255 xorg-x11-server: information leak in the XkbSetGeometry request of X servers

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here