MGASA-2015-0073

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2015-0073.html

Import Source

https://advisories.mageia.org/MGASA-2015-0073.json

JSON Data

https://api.test.osv.dev/v1/vulns/MGASA-2015-0073

Related

CVE-2015-0255

Published

2015-02-17T18:38:13Z

Modified

2015-02-17T18:27:26Z

Summary

Updated x11-server packages fix CVE-2015-0255

Details

Updated x11-server packages fix security vulnerability:

Olivier Fourdan from Red Hat has discovered a protocol handling issue in the way the X server code base handles the XkbSetGeometry request, where the server trusts the client to send valid string lengths. A malicious client with string lengths exceeding the request length can cause the server to copy adjacent memory data into the XKB structs. This data is then available to the client via the XkbGetGeometry request. This can lead to information disclosure issues, as well as possibly a denial of service if a similar request can cause the server to crash (CVE-2015-0255).

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:4 / x11-server

Package

Name: x11-server
Purl: pkg:rpm/mageia/x11-server?distro=mageia-4

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.14.5-2.3.mga4

Ecosystem specific

{
    "section": "core"
}