6.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
0.063 Low
EPSS
Percentile
93.6%
Issue Overview:
Multiple integer overflow flaws and out-of-bounds write flaws were found in the way the X.Org server calculated memory requirements for certain X11 core protocol and GLX extension requests. A malicious, authenticated client could use either of these flaws to crash the X.Org server or, potentially, execute arbitrary code with root privileges. (CVE-2014-8092, CVE-2014-8093, CVE-2014-8098)
It was found that the X.Org server did not properly handle SUN-DES-1 (Secure RPC) authentication credentials. A malicious, unauthenticated client could use this flaw to crash the X.Org server by submitting a specially crafted authentication request. (CVE-2014-8091)
Multiple out-of-bounds access flaws were found in the way the X.Org server calculated memory requirements for certain requests. A malicious, authenticated client could use either of these flaws to crash the X.Org server, or leak memory contents to the client. (CVE-2014-8097)
An integer overflow flaw was found in the way the X.Org server calculated memory requirements for certain DRI2 extension requests. A malicious, authenticated client could use this flaw to crash the X.Org server. (CVE-2014-8094)
Multiple out-of-bounds access flaws were found in the way the X.Org server calculated memory requirements for certain requests. A malicious, authenticated client could use either of these flaws to crash the X.Org server. (CVE-2014-8095, CVE-2014-8096, CVE-2014-8099, CVE-2014-8100, CVE-2014-8101, CVE-2014-8102, CVE-2014-8103)
Affected Packages:
xorg-x11-server
Issue Correction:
Run yum update xorg-x11-server to update your system.
New Packages:
i686:
xorg-x11-server-common-1.15.0-25.40.amzn1.i686
xorg-x11-server-Xnest-1.15.0-25.40.amzn1.i686
xorg-x11-server-devel-1.15.0-25.40.amzn1.i686
xorg-x11-server-Xorg-1.15.0-25.40.amzn1.i686
xorg-x11-server-Xephyr-1.15.0-25.40.amzn1.i686
xorg-x11-server-Xvfb-1.15.0-25.40.amzn1.i686
xorg-x11-server-Xdmx-1.15.0-25.40.amzn1.i686
xorg-x11-server-debuginfo-1.15.0-25.40.amzn1.i686
noarch:
xorg-x11-server-source-1.15.0-25.40.amzn1.noarch
src:
xorg-x11-server-1.15.0-25.40.amzn1.src
x86_64:
xorg-x11-server-Xorg-1.15.0-25.40.amzn1.x86_64
xorg-x11-server-devel-1.15.0-25.40.amzn1.x86_64
xorg-x11-server-Xnest-1.15.0-25.40.amzn1.x86_64
xorg-x11-server-Xvfb-1.15.0-25.40.amzn1.x86_64
xorg-x11-server-debuginfo-1.15.0-25.40.amzn1.x86_64
xorg-x11-server-Xdmx-1.15.0-25.40.amzn1.x86_64
xorg-x11-server-common-1.15.0-25.40.amzn1.x86_64
xorg-x11-server-Xephyr-1.15.0-25.40.amzn1.x86_64
Red Hat: CVE-2014-8091, CVE-2014-8092, CVE-2014-8093, CVE-2014-8094, CVE-2014-8095, CVE-2014-8096, CVE-2014-8097, CVE-2014-8098, CVE-2014-8099, CVE-2014-8100, CVE-2014-8101, CVE-2014-8102, CVE-2014-8103
Mitre: CVE-2014-8091, CVE-2014-8092, CVE-2014-8093, CVE-2014-8094, CVE-2014-8095, CVE-2014-8096, CVE-2014-8097, CVE-2014-8098, CVE-2014-8099, CVE-2014-8100, CVE-2014-8101, CVE-2014-8102, CVE-2014-8103