CVE-2014-8091

Name of the Vulnerable Software and Affected Versions xorg-x11-server-Xdmx version 1.15.0 xorg-x11-server-debuginfo version 1.15.0 xorg-x11-server-Xnest version 1.15.0 xorg-x11-server-Xephyr version 1.15.0 xorg-x11-server-source version 1.15.0 xorg-x11-server-Xvfb version 1.15.0 xorg-x11-server-debuginfo version 1.1.1 xorg-x11-server-Xvnc-source version 1.1.1 xorg-x11-server version 1.15.0 xorg-x11-server-common version 1.15.0 xorg-x11-server-Xorg version 1.15.0 xorg-x11-server-devel version 1.15.0 X.Org X Window System (aka X11 and X) X11R5 and X.Org Server (aka xserver and xorg-server) versions prior to 1.16.3

Description The issue is related to multiple vulnerabilities in the xorg-x11-server package, which can lead to a disruption of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely by an attacker who has passed the authentication procedure. The vulnerabilities are caused by the lack of verification of the return value of a malloc call when using SUN-DES-1 (Secure RPC) authentication credentials, allowing remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a crafted connection request.

Recommendations For xorg-x11-server-Xdmx version 1.15.0, update to a version that includes the fix for this issue. For xorg-x11-server-debuginfo version 1.15.0, update to a version that includes the fix for this issue. For xorg-x11-server-Xnest version 1.15.0, update to a version that includes the fix for this issue. For xorg-x11-server-Xephyr version 1.15.0, update to a version that includes the fix for this issue. For xorg-x11-server-source version 1.15.0, update to a version that includes the fix for this issue. For xorg-x11-server-Xvfb version 1.15.0, update to a version that includes the fix for this issue. For xorg-x11-server-debuginfo version 1.1.1, update to a version that includes the fix for this issue. For xorg-x11-server-Xvnc-source version 1.1.1, update to a version that includes the fix for this issue. For xorg-x11-server version 1.15.0, update to a version that includes the fix for this issue. For xorg-x11-server-common version 1.15.0, update to a version that includes the fix for this issue. For xorg-x11-server-Xorg version 1.15.0, update to a version that includes the fix for this issue. For xorg-x11-server-devel version 1.15.0, update to a version that includes the fix for this issue. For X.Org X Window System (aka X11 and X) X11R5 and X.Org Server (aka xserver and xorg-server) versions prior to 1.16.3, update to version 1.16.3 or later. As a temporary workaround, consider disabling the use of SUN-DES-1 (Secure RPC) authentication credentials until a patch is available.