RHSA-2014:1982 -- xorg-x11-server security update (Important)

oval:org.mitre.oval:def:28652

X.Org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon.

Multiple integer overflow flaws and out-of-bounds write flaws were found in the way the X.Org server calculated memory requirements for certain X11 core protocol and GLX extension requests. A malicious authenticated client could use either of these flaws to crash the X.Org server or potentially execute arbitrary code with root privileges. (CVE-2014-8092, CVE-2014-8093, CVE-2014-8098)

It was found that the X.Org server did not properly handle SUN-DES-1 (Secure RPC) authentication credentials. A malicious unauthenticated client could use this flaw to crash the X.Org server by submitting a specially crafted authentication request. (CVE-2014-8091)

Multiple out-of-bounds access flaws were found in the way the X.Org server calculated memory requirements for certain requests. A malicious authenticated client could use either of these flaws to crash the X.Org server or leak memory contents to the client. (CVE-2014-8097)

Multiple out-of-bounds access flaws were found in the way the X.Org server calculated memory requirements for certain requests. A malicious authenticated client could use either of these flaws to crash the X.Org server. (CVE-2014-8095, CVE-2014-8096, CVE-2014-8099, CVE-2014-8100, CVE-2014-8101, CVE-2014-8102)

All xorg-x11-server users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.

Family: unix
Status: ACCEPTED
Platform(s):
  • CentOS Linux 5
  • Red Hat Enterprise Linux 5
Class: patch
Reference(s):
  • RHSA-2014:1982
  • CESA-2014:1982
  • CVE-2014-8091
  • CVE-2014-8092
  • CVE-2014-8093
  • CVE-2014-8095
  • CVE-2014-8096
  • CVE-2014-8097
  • CVE-2014-8098
  • CVE-2014-8099
  • CVE-2014-8100
  • CVE-2014-8101
  • CVE-2014-8102
Product(s):
  • xorg-x11-server