[gentoo-announce] [ GLSA 201504-06 ] X.Org X Server: Multiple vulnerabilities - gentoo-announce

From:	Sergey Popov <pinkbyte@g.o>
To:	gentoo-announce@l.g.o
Subject:	[gentoo-announce] [ GLSA 201504-06 ] X.Org X Server: Multiple vulnerabilities
Date:	Fri, 17 Apr 2015 12:59:05
Message-Id:	`553102FF.8030805@gentoo.org`

1

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

2

Gentoo Linux Security Advisory                           GLSA 201504-06

3

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

4

                                           https://security.gentoo.org/

5

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

6

7

 Severity: High

8

    Title: X.Org X Server: Multiple vulnerabilities

9

     Date: April 17, 2015

10

     Bugs: #532086, #539692

11

       ID: 201504-06

12

13

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

14

15

Synopsis

16

========

17

18

Multiple vulnerabilities have been found in X.Org X Server, allowing

19

attackers to execute arbitrary code or cause a Denial of Service

20

condition.

21

22

Background

23

==========

24

25

The X Window System is a graphical windowing system based on a

26

client/server model.

27

28

Affected packages

29

=================

30

31

    -------------------------------------------------------------------

32

     Package              /     Vulnerable     /            Unaffected

33

    -------------------------------------------------------------------

34

  1  x11-base/xorg-server       < 1.12.4-r4              >= 1.12.4-r4

35

36

Description

37

===========

38

39

Multiple vulnerabilities have been discovered in X.Org X Server. Please

40

review the CVE identifiers referenced below for details.

41

42

Impact

43

======

44

45

A remote attacker could possibly execute arbitrary code with the

46

privileges of the process or cause a Denial of Service condition.

47

48

Workaround

49

==========

50

51

There is no known workaround at this time.

52

53

Resolution

54

==========

55

56

All X.Org X Server users should upgrade to the latest version:

57

58

  # emerge --sync

59

  # emerge --ask --oneshot --verbose ">=x11-base/xorg-server-1.12.4-r4"

60

61

References

62

==========

63

64

[  1 ] CVE-2014-8091

65

       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8091

66

[  2 ] CVE-2014-8092

67

       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8092

68

[  3 ] CVE-2014-8093

69

       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8093

70

[  4 ] CVE-2014-8094

71

       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8094

72

[  5 ] CVE-2014-8095

73

       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8095

74

[  6 ] CVE-2014-8096

75

       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8096

76

[  7 ] CVE-2014-8097

77

       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8097

78

[  8 ] CVE-2014-8098

79

       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8098

80

[  9 ] CVE-2014-8099

81

       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8099

82

[ 10 ] CVE-2014-8100

83

       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8100

84

[ 11 ] CVE-2014-8101

85

       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8101

86

[ 12 ] CVE-2014-8102

87

       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8102

88

[ 13 ] CVE-2014-8103

89

       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8103

90

[ 14 ] CVE-2015-0255

91

       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0255

92

93

Availability

94

============

95

96

This GLSA and any updates to it are available for viewing at

97

the Gentoo Security Website:

98

99

 https://security.gentoo.org/glsa/201504-06

100

101

Concerns?

102

=========

103

104

Security is a primary focus of Gentoo Linux and ensuring the

105

confidentiality and security of our users' machines is of utmost

106

importance to us. Any security concerns should be addressed to

107

security@g.o or alternatively, you may file a bug at

108

https://bugs.gentoo.org.

109

110

License

111

=======

112

113

Copyright 2015 Gentoo Foundation, Inc; referenced text

114

belongs to its owner(s).

115

116

The contents of this document are licensed under the

117

Creative Commons - Attribution / Share Alike license.

118

119

http://creativecommons.org/licenses/by-sa/2.5

Gentoo Archives: gentoo-announce

Attachments

1	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2	Gentoo Linux Security Advisory GLSA 201504-06
3	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
4	https://security.gentoo.org/
5	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
6
7	Severity: High
8	Title: X.Org X Server: Multiple vulnerabilities
9	Date: April 17, 2015
10	Bugs: #532086, #539692
11	ID: 201504-06
12
13	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
14
15	Synopsis
16	========
17
18	Multiple vulnerabilities have been found in X.Org X Server, allowing
19	attackers to execute arbitrary code or cause a Denial of Service
20	condition.
21
22	Background
23	==========
24
25	The X Window System is a graphical windowing system based on a
26	client/server model.
27
28	Affected packages
29	=================
30
31	-------------------------------------------------------------------
32	Package / Vulnerable / Unaffected
33	-------------------------------------------------------------------
34	1 x11-base/xorg-server < 1.12.4-r4 >= 1.12.4-r4
35
36	Description
37	===========
38
39	Multiple vulnerabilities have been discovered in X.Org X Server. Please
40	review the CVE identifiers referenced below for details.
41
42	Impact
43	======
44
45	A remote attacker could possibly execute arbitrary code with the
46	privileges of the process or cause a Denial of Service condition.
47
48	Workaround
49	==========
50
51	There is no known workaround at this time.
52
53	Resolution
54	==========
55
56	All X.Org X Server users should upgrade to the latest version:
57
58	# emerge --sync
59	# emerge --ask --oneshot --verbose ">=x11-base/xorg-server-1.12.4-r4"
60
61	References
62	==========
63
64	[ 1 ] CVE-2014-8091
65	http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8091
66	[ 2 ] CVE-2014-8092
67	http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8092
68	[ 3 ] CVE-2014-8093
69	http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8093
70	[ 4 ] CVE-2014-8094
71	http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8094
72	[ 5 ] CVE-2014-8095
73	http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8095
74	[ 6 ] CVE-2014-8096
75	http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8096
76	[ 7 ] CVE-2014-8097
77	http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8097
78	[ 8 ] CVE-2014-8098
79	http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8098
80	[ 9 ] CVE-2014-8099
81	http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8099
82	[ 10 ] CVE-2014-8100
83	http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8100
84	[ 11 ] CVE-2014-8101
85	http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8101
86	[ 12 ] CVE-2014-8102
87	http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8102
88	[ 13 ] CVE-2014-8103
89	http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8103
90	[ 14 ] CVE-2015-0255
91	http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0255
92
93	Availability
94	============
95
96	This GLSA and any updates to it are available for viewing at
97	the Gentoo Security Website:
98
99	https://security.gentoo.org/glsa/201504-06
100
101	Concerns?
102	=========
103
104	Security is a primary focus of Gentoo Linux and ensuring the
105	confidentiality and security of our users' machines is of utmost
106	importance to us. Any security concerns should be addressed to
107	security@g.o or alternatively, you may file a bug at
108	https://bugs.gentoo.org.
109
110	License
111	=======
112
113	Copyright 2015 Gentoo Foundation, Inc; referenced text
114	belongs to its owner(s).
115
116	The contents of this document are licensed under the
117	Creative Commons - Attribution / Share Alike license.
118
119	http://creativecommons.org/licenses/by-sa/2.5