Mandriva Linux Security Advisory : x11-server (MDVSA-2015:119)

This script is Copyright (C) 2015 Tenable Network Security, Inc.


Synopsis :

The remote Mandriva Linux host is missing one or more security
updates.

Description :

Updated x11-server packages fix security vulnerabilities :

Ilja van Sprundel of IOActive discovered several security issues in
the X.org X server, which may lead to privilege escalation or denial
of service (CVE-2014-8091, CVE-2014-8092, CVE-2014-8093,
CVE-2014-8094, CVE-2014-8095, CVE-2014-8096, CVE-2014-8097,
CVE-2014-8098, CVE-2014-8099, CVE-2014-8100, CVE-2014-8101,
CVE-2014-8102).

Olivier Fourdan from Red Hat has discovered a protocol handling issue
in the way the X server code base handles the XkbSetGeometry request,
where the server trusts the client to send valid string lengths. A
malicious client with string lengths exceeding the request length can
cause the server to copy adjacent memory data into the XKB structs.
This data is then available to the client via the XkbGetGeometry
request. This can lead to information disclosure issues, as well as
possibly a denial of service if a similar request can cause the server
to crash (CVE-2015-0255).
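
The missing length check described above, as an added example that is not code from the X server or from this advisory: a simplified counted-string reader in an unchecked and a checked form. The wire layout, the function names and the arena contents are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Assumed simplified layout: 16-bit host-order length, then the bytes. */
enum { REQ_LEN = 6 };            /* bytes the client actually sent */
static uint8_t arena[32];        /* constructed: request + adjacent data */

/* Unchecked: trusts the client-supplied length (the flaw described above). */
static char *counted_string_unchecked(const uint8_t *p)
{
    uint16_t len;
    memcpy(&len, p, sizeof len);
    char *s = malloc((size_t)len + 1);
    if (s == NULL) return NULL;
    memcpy(s, p + 2, len);       /* can run past the end of the request */
    s[len] = '\0';
    return s;
}

/* Checked: length header and body must both fit before `end`. */
static char *counted_string_checked(const uint8_t *p, const uint8_t *end)
{
    uint16_t len;
    if (p > end || (size_t)(end - p) < sizeof len) return NULL;
    memcpy(&len, p, sizeof len);
    if ((size_t)(end - p) - sizeof len < len) return NULL; /* overlong */
    char *s = malloc((size_t)len + 1);
    if (s == NULL) return NULL;
    memcpy(s, p + 2, len);
    s[len] = '\0';
    return s;
}

/* Build the constructed request with a client-chosen length field. */
static void build_arena(uint16_t claimed_len)
{
    memset(arena, 0, sizeof arena);
    memcpy(arena, &claimed_len, sizeof claimed_len);
    memcpy(arena + 2, "abcd", 4);                 /* string bytes sent */
    memcpy(arena + REQ_LEN, "ADJACENT-DATA", 13); /* outside the request */
}
int main(void)
{
    build_arena(17);                              /* claims 17, sent 4 */
    char *a = counted_string_unchecked(arena);
    char *b = counted_string_checked(arena, arena + REQ_LEN);
    printf("unchecked: %s\nchecked: %s\n", a ? a : "(null)", b ? b : "rejected");
    free(a); free(b);
    return 0;
}
```

The unchecked reader stores bytes from beyond the request in the returned string, which is how such data later becomes readable by the client; the checked reader rejects the request instead.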

See also :

http://advisories.mageia.org/MGASA-2014-0532.html
http://advisories.mageia.org/MGASA-2015-0073.html

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 6.5
(CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P)
