PT-2014-1846 · X.Org+5 · Xorg-X11-Server-Debuginfo+14

Ilja Van Sprundel · Published 2014-12-09 · Updated 2025-08-29 · CVE-2014-8096

CVSS v2.0: 6.5 Medium

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

xorg-x11-server-Xdmx version 1.15.0
xorg-x11-server-debuginfo versions 1.1.1 through 1.15.0
xorg-x11-server-Xnest version 1.15.0
xorg-x11-server-Xephyr version 1.15.0
xorg-x11-server-source version 1.15.0
xorg-x11-server-Xvfb version 1.15.0
xorg-x11-server-common version 1.15.0
xorg-x11-server-Xorg version 1.15.0
xorg-x11-server-devel version 1.15.0
X.Org Server versions prior to 1.16.3

Description

The issue affects the X.Org X Window System, allowing remote authenticated users to cause a denial of service or possibly execute arbitrary code via a crafted length or index value in the SProcXCMiscGetXIDList function. This can lead to a disruption of confidentiality, integrity, and availability of protected information. The exploitation can be carried out remotely by an attacker who has passed the authentication procedure.

Recommendations

For xorg-x11-server-Xdmx version 1.15.0, update to a version later than 1.15.0.
For xorg-x11-server-debuginfo versions 1.1.1 through 1.15.0, update to a version later than 1.15.0.
For xorg-x11-server-Xnest version 1.15.0, update to a version later than 1.15.0.
For xorg-x11-server-Xephyr version 1.15.0, update to a version later than 1.15.0.
For xorg-x11-server-source version 1.15.0, update to a version later than 1.15.0.
For xorg-x11-server-Xvfb version 1.15.0, update to a version later than 1.15.0.
For xorg-x11-server-common version 1.15.0, update to a version later than 1.15.0.
For xorg-x11-server-Xorg version 1.15.0, update to a version later than 1.15.0.
For xorg-x11-server-devel version 1.15.0, update to a version later than 1.15.0.
For X.Org Server versions prior to 1.16.3, update to version 1.16.3 or later.

As a temporary workaround, consider disabling the SProcXCMiscGetXIDList function until a patch is available.

Fix

DoS

Buffer Overflow

NULL Pointer Dereference

Integer Overflow

Weakness Enumeration

Related Identifiers

ALT-PU-2014-2434
BDU:2015-06579
BDU:2015-06581
BDU:2015-06583
BDU:2015-06584
BDU:2015-06586
BDU:2015-06590
BDU:2015-06592
BDU:2015-06595
BDU:2015-06598
BDU:2015-06601
BDU:2015-06604
BDU:2015-06606
BDU:2015-09275
BDU:2015-09276
BDU:2015-09277
BDU:2015-09278
BDU:2015-09279
BDU:2015-09280
BDU:2015-09281
BDU:2015-09282
BDU:2015-09283
BDU:2015-09284
BDU:2015-09285
BDU:2015-09286
CESA-2014_1983
CVE-2014-8096
DLA-120-1
DSA-3095-1
MGASA-2014-0532
RHSA-2014:1982
RHSA-2014:1983
RHSA-2014_1982
RHSA-2014_1983
SUSE-SU-2015:0427-1
SUSE-SU-2015:1025-1
USN-2436-1
USN-2436-2

Affected Products

Alt Linux
Centos
Red Hat
Suse
Ubuntu
X.Org Server
Xorg-X11-Server-Xdmx
Xorg-X11-Server-Xephyr
Xorg-X11-Server-Xnest
Xorg-X11-Server-Xorg
Xorg-X11-Server-Xvfb
Xorg-X11-Server-Common
Xorg-X11-Server-Debuginfo
Xorg-X11-Server-Devel
Xorg-X11-Server-Source