Stay Secure with the Latest Linux Advisories

security advisoryfedoraaccess issue

Fedora 22 Xorg X11 Server Update: Critical XWayland Access Issue

Upstream stable release of xserver 1.17.2 fix bug with glamor and overlapping copies (CVE-2015-3164) Due to an omission in authentication setup, the XWayland server would start up in non-authenticating mode, meaning that any client with access to the server's UNIX socket was able to connect to the server and use it as a regular client. https://lists.freedesktop.org/archives/wayland-devel/2015-June/ [More...]. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2015-10336 2015-06-20 13:45:08 -------------------------------------------------------------------------------- Name : xorg-x11-server Product : Fedora 22 Version : 1.17.2 Release : 1.fc22 URL : https://www.x.org/wiki/ Summary : X.Org X11 X server Description : X.Org X11 X server -------------------------------------------------------------------------------- Update Information: Upstream stable release of xserver 1.17.2 fix bug with glamor and overlapping copies (CVE-2015-3164) Due to an omission in authentication setup, the XWayland server would start up in non-authenticating mode, meaning that any client with access to the server's UNIX socket was able to connect to the server and use it as a regular client. https://lists.freedesktop.org/archives/wayland-devel/2015-June/022548.html -------------------------------------------------------------------------------- ChangeLog: * Tue Jun 16 2015 Adam Jackson 1.17.2-1 - xserver 1.17.2 * Tue Jun 16 2015 Dave Airlie 1.17.1-16 - fix bug with glamor and overlapping copies * Wed Jun 10 2015 Ray Strode 1.17.1-15 - CVE-2015-3164 * Tue May 26 2015 Peter Hutterer 1.17.1-14 - Add the unaccelerated valuator masks, fixes nonmoving mouse in SDL (#1208992) * Wed May 20 2015 Kalev Lember - 1.17.1-13 - Obsolete xorg-x11-drv-void * Tue May 19 2015 Hans de Goede - 1.17.1-12 - Fix "start -- vt7" not working fix breaking headless setups(#1203780) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1232131 - CVE-2015-3164 xorg-x11-server: Xwayland allows unconditional open access to display [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1232131 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update xorg-x11-server' at the command line. For more information, refer to "Managing Software with yum", available at . All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at -------------------------------------------------------------------------------- . The latest upstream release of xserver 1.17.2 resolves significant access concerns encountered during the startup process of the XWayland server.. Fedora Security, Xorg Server Update, XWayland Authentication, X Server Access Issues, Server Vulnerability Fix. . Severity: Critical. LinuxSecurity.com Team

Jun 23, 2015 •Critical Fedora