Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 526
Alerts This Week
Warning Icon 1 526

Scientific Linux: Xorg X11 Server Important Crash Threat SLSA-2014:1983-1 CVE-2014-8091

Scientific Large Esm H446
Important: xorg-x11-server security update
Date: Thu, 11 Dec 2014 22:09:00 +0000
Reply-To: scientific-linux-users@
Sender: Security Errata for Scientific Linux
 
From: Pat Riehecky 
Subject: Security ERRATA Important: xorg-x11-server on SL6.x,
 SL7.x i386/x86_64
MIME-Version: 1.0

Synopsis: Important: xorg-x11-server security update
Advisory ID: SLSA-2014:1983-1
Issue Date: 2014-12-11
CVE Numbers: CVE-2014-8091
 CVE-2014-8092
 CVE-2014-8093
 CVE-2014-8095
 CVE-2014-8096
 CVE-2014-8097
 CVE-2014-8098
 CVE-2014-8099
 CVE-2014-8100
 CVE-2014-8101
 CVE-2014-8102
 CVE-2014-8094
 CVE-2014-8103
--

Multiple integer overflow flaws and out-of-bounds write flaws were found
in the way the X.Org server calculated memory requirements for certain X11
core protocol and GLX extension requests. A malicious, authenticated
client could use either of these flaws to crash the X.Org server or,
potentially, execute arbitrary code with root privileges. (CVE-2014-8092,
CVE-2014-8093, CVE-2014-8098)

It was found that the X.Org server did not properly handle SUN-DES-1
(Secure RPC) authentication credentials. A malicious, unauthenticated
client could use this flaw to crash the X.Org server by submitting a
specially crafted authentication request. (CVE-2014-8091)

Multiple out-of-bounds access flaws were found in the way the X.Org server
calculated memory requirements for certain requests. A malicious,
authenticated client could use either of these flaws to crash the X.Org
server, or leak memory contents to the client. (CVE-2014-8097)

An integer overflow flaw was found in the way the X.Org server calculated
memory requirements for certain DRI2 extension requests. A malicious,
authenticated client could use this flaw to crash the X.Org server.
(CVE-2014-8094)

Multiple out-of-bounds access flaws were found in the way the X.Org server
calculated memory requirements for certain requests. A malicious,
authenticated client could use either of these flaws to crash the X.Org
server. (CVE-2014-8095, CVE-2014-8096, CVE-2014-8099, CVE-2014-8100,
CVE-2014-8101, CVE-2014-8102, CVE-2014-8103)
--

SL6
 x86_64
 xorg-x11-server-Xephyr-1.15.0-25.sl6.x86_64.rpm
 xorg-x11-server-Xorg-1.15.0-25.sl6.x86_64.rpm
 xorg-x11-server-common-1.15.0-25.sl6.x86_64.rpm
 xorg-x11-server-debuginfo-1.15.0-25.sl6.x86_64.rpm
 xorg-x11-server-Xdmx-1.15.0-25.sl6.x86_64.rpm
 xorg-x11-server-Xnest-1.15.0-25.sl6.x86_64.rpm
 xorg-x11-server-Xvfb-1.15.0-25.sl6.x86_64.rpm
 xorg-x11-server-debuginfo-1.15.0-25.sl6.i686.rpm
 xorg-x11-server-devel-1.15.0-25.sl6.i686.rpm
 xorg-x11-server-devel-1.15.0-25.sl6.x86_64.rpm
 i386
 xorg-x11-server-Xephyr-1.15.0-25.sl6.i686.rpm
 xorg-x11-server-Xorg-1.15.0-25.sl6.i686.rpm
 xorg-x11-server-common-1.15.0-25.sl6.i686.rpm
 xorg-x11-server-debuginfo-1.15.0-25.sl6.i686.rpm
 xorg-x11-server-Xdmx-1.15.0-25.sl6.i686.rpm
 xorg-x11-server-Xnest-1.15.0-25.sl6.i686.rpm
 xorg-x11-server-Xvfb-1.15.0-25.sl6.i686.rpm
 xorg-x11-server-devel-1.15.0-25.sl6.i686.rpm
 noarch
 xorg-x11-server-source-1.15.0-25.sl6.noarch.rpm
SL7
 x86_64
 xorg-x11-server-Xephyr-1.15.0-7.el7_0.3.x86_64.rpm
 xorg-x11-server-Xorg-1.15.0-7.el7_0.3.x86_64.rpm
 xorg-x11-server-common-1.15.0-7.el7_0.3.x86_64.rpm
 xorg-x11-server-debuginfo-1.15.0-7.el7_0.3.x86_64.rpm
 xorg-x11-server-Xdmx-1.15.0-7.el7_0.3.x86_64.rpm
 xorg-x11-server-Xnest-1.15.0-7.el7_0.3.x86_64.rpm
 xorg-x11-server-Xvfb-1.15.0-7.el7_0.3.x86_64.rpm
 xorg-x11-server-debuginfo-1.15.0-7.el7_0.3.i686.rpm
 xorg-x11-server-devel-1.15.0-7.el7_0.3.i686.rpm
 xorg-x11-server-devel-1.15.0-7.el7_0.3.x86_64.rpm
 noarch
 xorg-x11-server-source-1.15.0-7.el7_0.3.noarch.rpm

- Scientific Linux Development Team