What Are You Looking For?

Sign Up
Date:         Thu, 11 Dec 2014 21:14:28 +0000
Reply-To:     scientific-linux-users@listserv.fnal.gov
Sender:       Security Errata for Scientific Linux
              
From:         Pat Riehecky 
Subject:      Security ERRATA Important: xorg-x11-server on SL5.x i386/x86_64
MIME-Version: 1.0

Synopsis:          Important: xorg-x11-server security update
Advisory ID:       SLSA-2014:1982-1
Issue Date:        2014-12-11
CVE Numbers:       CVE-2014-8091
                   CVE-2014-8092
                   CVE-2014-8093
                   CVE-2014-8095
                   CVE-2014-8096
                   CVE-2014-8097
                   CVE-2014-8098
                   CVE-2014-8099
                   CVE-2014-8100
                   CVE-2014-8101
                   CVE-2014-8102
--

Multiple integer overflow flaws and out-of-bounds write flaws were found
in the way the X.Org server calculated memory requirements for certain X11
core protocol and GLX extension requests. A malicious, authenticated
client could use either of these flaws to crash the X.Org server or,
potentially, execute arbitrary code with root privileges. (CVE-2014-8092,
CVE-2014-8093, CVE-2014-8098)

It was found that the X.Org server did not properly handle SUN-DES-1
(Secure RPC) authentication credentials. A malicious, unauthenticated
client could use this flaw to crash the X.Org server by submitting a
specially crafted authentication request. (CVE-2014-8091)

Multiple out-of-bounds access flaws were found in the way the X.Org server
calculated memory requirements for certain requests. A malicious,
authenticated client could use either of these flaws to crash the X.Org
server, or leak memory contents to the client. (CVE-2014-8097)

Multiple out-of-bounds access flaws were found in the way the X.Org server
calculated memory requirements for certain requests. A malicious,
authenticated client could use either of these flaws to crash the X.Org
server. (CVE-2014-8095, CVE-2014-8096, CVE-2014-8099, CVE-2014-8100,
CVE-2014-8101, CVE-2014-8102)
--

SL5
  x86_64
    xorg-x11-server-Xdmx-1.1.1-48.107.el5_11.x86_64.rpm
    xorg-x11-server-Xephyr-1.1.1-48.107.el5_11.x86_64.rpm
    xorg-x11-server-Xnest-1.1.1-48.107.el5_11.x86_64.rpm
    xorg-x11-server-Xorg-1.1.1-48.107.el5_11.x86_64.rpm
    xorg-x11-server-Xvfb-1.1.1-48.107.el5_11.x86_64.rpm
    xorg-x11-server-Xvnc-source-1.1.1-48.107.el5_11.x86_64.rpm
    xorg-x11-server-debuginfo-1.1.1-48.107.el5_11.x86_64.rpm
    xorg-x11-server-sdk-1.1.1-48.107.el5_11.x86_64.rpm
  i386
    xorg-x11-server-Xdmx-1.1.1-48.107.el5_11.i386.rpm
    xorg-x11-server-Xephyr-1.1.1-48.107.el5_11.i386.rpm
    xorg-x11-server-Xnest-1.1.1-48.107.el5_11.i386.rpm
    xorg-x11-server-Xorg-1.1.1-48.107.el5_11.i386.rpm
    xorg-x11-server-Xvfb-1.1.1-48.107.el5_11.i386.rpm
    xorg-x11-server-Xvnc-source-1.1.1-48.107.el5_11.i386.rpm
    xorg-x11-server-debuginfo-1.1.1-48.107.el5_11.i386.rpm
    xorg-x11-server-sdk-1.1.1-48.107.el5_11.i386.rpm

- Scientific Linux Development Team

SciLinux: CVE-2014-8091 Important: xorg-x11-server SL5.x i386/x86_64

Important: xorg-x11-server security update

Summary

Important: xorg-x11-server security update



Security Fixes

Severity
Advisory ID: SLSA-2014:1982-1
Issued Date: : 2014-12-11
CVE Numbers: CVE-2014-8091
CVE-2014-8092
CVE-2014-8093

Related News

Security Highlights from KubeCon + CloudNativeCon 2023

Nov 18, 2023

Kubernetes Security on AWS: A Practical Guide

Nov 18, 2023

Nitrux 3.2.0 Linux Distro Released with Enhanced Security and New Features

Nov 28, 2023

Kinsing Hackers Exploit Apache ActiveMQ Vulnerability to Deploy Linux Rootkits

Nov 25, 2023

News

Advisories

HOWTOs

Features

Unlocking the Future of Authentication: Passkeys vs. Passwords
Empowering MSPs with Straightforward Linux Device Management
A Complete Guide to Torrenting Safely in 2024
Cloud Security Basics for Small Businesses
Scanning and Defending Networks with Nmap

About Us

Powered By

Footer Logo