6.4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:N/A:P
0.079 Low
EPSS
Percentile
94.2%
Package : xorg-server
Version : 2:1.7.7-18+deb6u2
CVE ID : CVE-2015-0255
Olivier Fourdan discovered that missing input validation in the Xserver's
handling of XkbSetGeometry requests may result in an information leak or
denial of service.
This upload to Debian squeeze-lts fixes the issue by not swapping
XkbSetGeometry data in the input buffer any more and checking strings'
length against request size.
–
mike gabriel aka sunweaver (Debian Developer)
fon: +49 (1520) 1976 148
GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31
mail: [email protected], http://sunweavers.net
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 6 | all | xserver-xorg-core | < 2:1.7.7-18+deb6u2 | xserver-xorg-core_2:1.7.7-18+deb6u2_all.deb |
Debian | 6 | all | xorg-server | < 2:1.7.7-18+deb6u2 | xorg-server_2:1.7.7-18+deb6u2_all.deb |
Debian | 6 | all | xdmx-tools | < 2:1.7.7-18+deb6u2 | xdmx-tools_2:1.7.7-18+deb6u2_all.deb |
Debian | 6 | all | xserver-common | < 2:1.7.7-18+deb6u2 | xserver-common_2:1.7.7-18+deb6u2_all.deb |
Debian | 6 | all | xserver-xorg-core-dbg | < 2:1.7.7-18+deb6u2 | xserver-xorg-core-dbg_2:1.7.7-18+deb6u2_all.deb |
Debian | 6 | all | xnest | < 2:1.7.7-18+deb6u2 | xnest_2:1.7.7-18+deb6u2_all.deb |
Debian | 6 | all | xserver-xorg-core-udeb | < 2:1.7.7-18+deb6u2 | xserver-xorg-core-udeb_2:1.7.7-18+deb6u2_all.deb |
Debian | 6 | all | xserver-xorg-dev | < 2:1.7.7-18+deb6u2 | xserver-xorg-dev_2:1.7.7-18+deb6u2_all.deb |
Debian | 6 | all | xdmx | < 2:1.7.7-18+deb6u2 | xdmx_2:1.7.7-18+deb6u2_all.deb |
Debian | 6 | all | xserver-xephyr | < 2:1.7.7-18+deb6u2 | xserver-xephyr_2:1.7.7-18+deb6u2_all.deb |