PT-2014-1853 · X.Org+5 · Xorg-X11-Server+5
Ilja Van Sprundel · Published 2014-12-09 · Updated 2025-08-29 · CVE-2014-8094
CVSS v2.0: 6.5 (Medium)
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
xorg-x11-server versions 1.7.0 through 1.16.x before 1.16.3
xorg-x11-server-Xdmx version 1.15.0
xorg-x11-server-debuginfo version 1.15.0
xorg-x11-server-Xephyr version 1.15.0
xorg-x11-server-source version 1.15.0
xorg-x11-server-Xnest version 1.15.0
xorg-x11-server-Xvfb version 1.15.0
xorg-x11-server-common version 1.15.0
xorg-x11-server-devel version 1.15.0
Description
The issue relates to multiple vulnerabilities in the xorg-x11-server package that can compromise the confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely by an authenticated attacker. Specifically, an integer overflow in the ProcDRI2GetBuffers function of the DRI2 extension in X.Org Server allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via a crafted request that triggers an out-of-bounds read or write.
Recommendations
For xorg-x11-server versions 1.7.0 through 1.16.x before 1.16.3, update to version 1.16.3 or later to resolve the issue.
For xorg-x11-server-Xdmx version 1.15.0, consider disabling the vulnerable component until a patch is available.
For xorg-x11-server-debuginfo version 1.15.0, restrict access to the vulnerable module to minimize the risk of exploitation.
For xorg-x11-server-Xephyr version 1.15.0, avoid using the vulnerable function until the issue is resolved.
For xorg-x11-server-source version 1.15.0, xorg-x11-server-Xnest version 1.15.0, xorg-x11-server-Xvfb version 1.15.0, xorg-x11-server-common version 1.15.0, and xorg-x11-server-devel version 1.15.0, update to a newer version that contains a fix for this issue, if available.
At the moment, there is no information about a newer version that contains a fix for xorg-x11-server-1.15.0 and xorg-x11-server-Xorg-1.15.0.
Fix
DoS
Integer Overflow
Affected Products
Alt Linux
CentOS
Red Hat
SUSE
Ubuntu
Xorg-X11-Server