
Scientific Linux alert SLSA-2014:1983-1 (xorg-x11-server)

From:  Pat Riehecky <riehecky@fnal.gov>
To:  <scientific-linux-errata@listserv.fnal.gov>
Subject:  Security ERRATA Important: xorg-x11-server on SL6.x, SL7.x i386/x86_64
Date:  Thu, 11 Dec 2014 22:09:00 +0000
Message-ID:  <20141211220900.26827.14918@slpackages.fnal.gov>

Synopsis:      Important: xorg-x11-server security update
Advisory ID:   SLSA-2014:1983-1
Issue Date:    2014-12-11
CVE Numbers:   CVE-2014-8091
               CVE-2014-8092
               CVE-2014-8093
               CVE-2014-8095
               CVE-2014-8096
               CVE-2014-8097
               CVE-2014-8098
               CVE-2014-8099
               CVE-2014-8100
               CVE-2014-8101
               CVE-2014-8102
               CVE-2014-8094
               CVE-2014-8103
--

Multiple integer overflow flaws and out-of-bounds write flaws were found in the way the X.Org server calculated memory requirements for certain X11 core protocol and GLX extension requests. A malicious, authenticated client could use either of these flaws to crash the X.Org server or, potentially, execute arbitrary code with root privileges. (CVE-2014-8092, CVE-2014-8093, CVE-2014-8098)

It was found that the X.Org server did not properly handle SUN-DES-1 (Secure RPC) authentication credentials. A malicious, unauthenticated client could use this flaw to crash the X.Org server by submitting a specially crafted authentication request. (CVE-2014-8091)

Multiple out-of-bounds access flaws were found in the way the X.Org server calculated memory requirements for certain requests. A malicious, authenticated client could use either of these flaws to crash the X.Org server, or leak memory contents to the client. (CVE-2014-8097)

An integer overflow flaw was found in the way the X.Org server calculated memory requirements for certain DRI2 extension requests. A malicious, authenticated client could use this flaw to crash the X.Org server. (CVE-2014-8094)

Multiple out-of-bounds access flaws were found in the way the X.Org server calculated memory requirements for certain requests. A malicious, authenticated client could use either of these flaws to crash the X.Org server. (CVE-2014-8095, CVE-2014-8096, CVE-2014-8099, CVE-2014-8100, CVE-2014-8101, CVE-2014-8102, CVE-2014-8103)
--

SL6
  x86_64
    xorg-x11-server-Xephyr-1.15.0-25.sl6.x86_64.rpm
    xorg-x11-server-Xorg-1.15.0-25.sl6.x86_64.rpm
    xorg-x11-server-common-1.15.0-25.sl6.x86_64.rpm
    xorg-x11-server-debuginfo-1.15.0-25.sl6.x86_64.rpm
    xorg-x11-server-Xdmx-1.15.0-25.sl6.x86_64.rpm
    xorg-x11-server-Xnest-1.15.0-25.sl6.x86_64.rpm
    xorg-x11-server-Xvfb-1.15.0-25.sl6.x86_64.rpm
    xorg-x11-server-debuginfo-1.15.0-25.sl6.i686.rpm
    xorg-x11-server-devel-1.15.0-25.sl6.i686.rpm
    xorg-x11-server-devel-1.15.0-25.sl6.x86_64.rpm
  i386
    xorg-x11-server-Xephyr-1.15.0-25.sl6.i686.rpm
    xorg-x11-server-Xorg-1.15.0-25.sl6.i686.rpm
    xorg-x11-server-common-1.15.0-25.sl6.i686.rpm
    xorg-x11-server-debuginfo-1.15.0-25.sl6.i686.rpm
    xorg-x11-server-Xdmx-1.15.0-25.sl6.i686.rpm
    xorg-x11-server-Xnest-1.15.0-25.sl6.i686.rpm
    xorg-x11-server-Xvfb-1.15.0-25.sl6.i686.rpm
    xorg-x11-server-devel-1.15.0-25.sl6.i686.rpm
  noarch
    xorg-x11-server-source-1.15.0-25.sl6.noarch.rpm

SL7
  x86_64
    xorg-x11-server-Xephyr-1.15.0-7.el7_0.3.x86_64.rpm
    xorg-x11-server-Xorg-1.15.0-7.el7_0.3.x86_64.rpm
    xorg-x11-server-common-1.15.0-7.el7_0.3.x86_64.rpm
    xorg-x11-server-debuginfo-1.15.0-7.el7_0.3.x86_64.rpm
    xorg-x11-server-Xdmx-1.15.0-7.el7_0.3.x86_64.rpm
    xorg-x11-server-Xnest-1.15.0-7.el7_0.3.x86_64.rpm
    xorg-x11-server-Xvfb-1.15.0-7.el7_0.3.x86_64.rpm
    xorg-x11-server-debuginfo-1.15.0-7.el7_0.3.i686.rpm
    xorg-x11-server-devel-1.15.0-7.el7_0.3.i686.rpm
    xorg-x11-server-devel-1.15.0-7.el7_0.3.x86_64.rpm
  noarch
    xorg-x11-server-source-1.15.0-7.el7_0.3.noarch.rpm

- Scientific Linux Development Team
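A way to check installed packages against the fixed builds listed above, as an added example that is not part of the original advisory: it reads `rpm -qa` query output and flags any listed subpackage older than the fixed release. The version comparison is a simplified form of rpm's ordering (it assumes no epoch and no `~` in the version), and the sample input is constructed.

```python
import re

# Fixed (version, release) per major release, taken from this advisory's package list.
FIXED = {"6": ("1.15.0", "25.sl6"), "7": ("1.15.0", "7.el7_0.3")}
# Subpackages the advisory lists; other xorg-x11-server-* packages are out of scope.
AFFECTED = {"xorg-x11-server-" + s for s in
            "Xephyr Xorg common debuginfo Xdmx Xnest Xvfb devel source".split()}

def rpmvercmp(a, b):
    """Simplified rpm segment compare (no epoch, no '~'): returns -1, 0 or 1."""
    ta, tb = (re.findall(r"\d+|[A-Za-z]+", s) for s in (a, b))
    for x, y in zip(ta, tb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1      # numeric segment is newer than alphabetic
        if x.isdigit():
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    return (len(ta) > len(tb)) - (len(ta) < len(tb))  # extra trailing segments are newer

def audit(query_output):
    """Map each affected installed package to True if it is at or above the fixed build."""
    result = {}
    for line in query_output.splitlines():
        parts = line.split()
        if len(parts) != 3 or parts[0] not in AFFECTED:
            continue
        name, version, release = parts
        dist = re.search(r"\.(?:el|sl)(\d+)", release)
        if not dist or dist.group(1) not in FIXED:
            continue                              # not an SL6/SL7 build
        fixed_version, fixed_release = FIXED[dist.group(1)]
        order = rpmvercmp(version, fixed_version) or rpmvercmp(release, fixed_release)
        result[name] = order >= 0
    return result

# Constructed sample of: rpm -qa --qf '%{NAME} %{VERSION} %{RELEASE}\n' 'xorg-x11-server*'
SAMPLE = """\
xorg-x11-server-Xorg 1.15.0 22.sl6
xorg-x11-server-common 1.15.0 25.sl6
xorg-x11-server-Xvfb 1.15.0 7.el7_0.3
xorg-x11-server-Xephyr 1.15.0 7.el7
xorg-x11-server-utils 7.7 2.el7
"""

if __name__ == "__main__":
    for pkg, ok in sorted(audit(SAMPLE).items()):
        print(("patched   " if ok else "VULNERABLE"), pkg)
```

The X server keeps running the old binary until it is restarted, so a package that reports as patched still needs the X session restarted before the fix is in effect.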

