| Description: | X.Org is an open source implementation of the X Window System. It providesthe basic low-level functionality that full-fledged graphical userinterfaces are designed upon.Multiple integer overflow flaws and out-of-bounds write flaws were found inthe way the X.Org server calculated memory requirements for certain X11core protocol and GLX extension requests. A malicious, authenticated clientcould use either of these flaws to crash the X.Org server or, potentially,execute arbitrary code with root privileges. (CVE-2014-8092, CVE-2014-8093,CVE-2014-8098)It was found that the X.Org server did not properly handle SUN-DES-1(Secure RPC) authentication credentials. A malicious, unauthenticatedclient could use this flaw to crash the X.Org server by submitting aspecially crafted authentication request. (CVE-2014-8091)Multiple out-of-bounds access flaws were found in the way the X.Org servercalculated memory requirements for certain requests. A malicious,authenticated client could use either of these flaws to crash the X.Orgserver, or leak memory contents to the client. (CVE-2014-8097)Multiple out-of-bounds access flaws were found in the way the X.Org servercalculated memory requirements for certain requests. A malicious,authenticated client could use either of these flaws to crash the X.Orgserver. (CVE-2014-8095, CVE-2014-8096, CVE-2014-8099, CVE-2014-8100,CVE-2014-8101, CVE-2014-8102)All xorg-x11-server users are advised to upgrade to these updated packages,which contain backported patches to correct these issues. |