{"cve": [{"lastseen": "2020-12-09T20:02:59", "description": "X.Org Server (aka xserver and xorg-server) before 1.16.3 and 1.17.x before 1.17.1 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (crash) via a crafted string length value in a XkbSetGeometry request.", "edition": 5, "cvss3": {}, "published": "2015-02-13T15:59:00", "title": "CVE-2015-0255", "type": "cve", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-0255"], "modified": "2018-10-30T16:27:00", "cpe": ["cpe:/o:opensuse:opensuse:13.1", "cpe:/a:x.org:xorg-server:1.16.3", "cpe:/a:x.org:xorg-server:1.17.0", "cpe:/o:opensuse:opensuse:13.2"], "id": "CVE-2015-0255", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0255", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}, "cpe23": ["cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "cpe:2.3:a:x.org:xorg-server:1.17.0:*:*:*:*:*:*:*", "cpe:2.3:a:x.org:xorg-server:1.16.3:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2019-05-29T18:36:15", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0255"], "description": "Check the version of xorg-x11-server-common", "modified": "2019-03-08T00:00:00", "published": "2015-04-14T00:00:00", "id": "OPENVAS:1361412562310882162", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882162", "type": "openvas", "title": "CentOS Update for xorg-x11-server-common CESA-2015:0797 centos6", "sourceData": 
"###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for xorg-x11-server-common CESA-2015:0797 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882162\");\n script_version(\"$Revision: 14058 $\");\n script_cve_id(\"CVE-2015-0255\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-04-14 07:18:46 +0200 (Tue, 14 Apr 2015)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for xorg-x11-server-common CESA-2015:0797 centos6\");\n script_tag(name:\"summary\", value:\"Check the version of xorg-x11-server-common\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"X.Org is an open source implementation of\n the X Window System. 
It provides\nthe basic low-level functionality that full-fledged graphical user\ninterfaces are designed upon.\n\nA buffer over-read flaw was found in the way the X.Org server handled\nXkbGetGeometry requests. A malicious, authorized client could use this flaw\nto disclose portions of the X.Org server memory, or cause the X.Org server\nto crash using a specially crafted XkbGetGeometry request. (CVE-2015-0255)\n\nThis issue was discovered by Olivier Fourdan of Red Hat.\n\nAll xorg-x11-server users are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue.\");\n script_tag(name:\"affected\", value:\"xorg-x11-server-common on CentOS 6\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_xref(name:\"CESA\", value:\"2015:0797\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2015-April/021060.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-server-common\", rpm:\"xorg-x11-server-common~1.15.0~26.el6.centos\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-server-devel\", rpm:\"xorg-x11-server-devel~1.15.0~26.el6.centos\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-server-source\", rpm:\"xorg-x11-server-source~1.15.0~26.el6.centos\", rls:\"CentOS6\")) != 
NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-server-Xdmx\", rpm:\"xorg-x11-server-Xdmx~1.15.0~26.el6.centos\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-server-Xephyr\", rpm:\"xorg-x11-server-Xephyr~1.15.0~26.el6.centos\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-server-Xnest\", rpm:\"xorg-x11-server-Xnest~1.15.0~26.el6.centos\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-server-Xorg\", rpm:\"xorg-x11-server-Xorg~1.15.0~26.el6.centos\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-server-Xvfb\", rpm:\"xorg-x11-server-Xvfb~1.15.0~26.el6.centos\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-server\", rpm:\"xorg-x11-server~1.15.0~26.el6.centos\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2019-05-29T18:36:55", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0255"], "description": "Olivier Fourdan discovered that missing\ninput validation in the Xserver", "modified": "2019-03-18T00:00:00", "published": "2015-02-11T00:00:00", "id": "OPENVAS:1361412562310703160", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703160", "type": "openvas", "title": "Debian Security Advisory DSA 3160-1 (xorg-server - security update)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3160.nasl 14278 2019-03-18 14:47:26Z cfischer $\n# Auto-generated from advisory DSA 3160-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone 
Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703160\");\n script_version(\"$Revision: 14278 $\");\n script_cve_id(\"CVE-2015-0255\");\n script_name(\"Debian Security Advisory DSA 3160-1 (xorg-server - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:47:26 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-02-11 00:00:00 +0100 (Wed, 11 Feb 2015)\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2015/dsa-3160.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n script_tag(name:\"affected\", value:\"xorg-server on Debian 
Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (wheezy),\nthis problem has been fixed in version 2:1.12.4-6+deb7u6.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2:1.16.4-1.\n\nWe recommend that you upgrade your xorg-server packages.\");\n script_tag(name:\"summary\", value:\"Olivier Fourdan discovered that missing\ninput validation in the Xserver's handling of XkbSetGeometry requests may result\nin an information leak or denial of service.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software\nversion using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"xdmx\", ver:\"2:1.12.4-6+deb7u6\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"xdmx-tools\", ver:\"2:1.12.4-6+deb7u6\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"xnest\", ver:\"2:1.12.4-6+deb7u6\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"xserver-common\", ver:\"2:1.12.4-6+deb7u6\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"xserver-xephyr\", ver:\"2:1.12.4-6+deb7u6\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"xserver-xfbdev\", ver:\"2:1.12.4-6+deb7u6\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"xserver-xorg-core\", ver:\"2:1.12.4-6+deb7u6\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"xserver-xorg-core-dbg\", ver:\"2:1.12.4-6+deb7u6\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"xserver-xorg-dev\", ver:\"2:1.12.4-6+deb7u6\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"xvfb\", ver:\"2:1.12.4-6+deb7u6\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n 
security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2020-03-17T22:59:18", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0255"], "description": "The remote host is missing an update announced via the referenced Security Advisory.", "modified": "2020-03-13T00:00:00", "published": "2015-09-08T00:00:00", "id": "OPENVAS:1361412562310120540", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120540", "type": "openvas", "title": "Amazon Linux: Security Advisory (ALAS-2015-519)", "sourceData": "# Copyright (C) 2015 Eero Volotinen\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120540\");\n script_version(\"2020-03-13T13:19:50+0000\");\n script_tag(name:\"creation_date\", value:\"2015-09-08 13:29:02 +0200 (Tue, 08 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 13:19:50 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Amazon Linux: Security Advisory (ALAS-2015-519)\");\n script_tag(name:\"insight\", value:\"A buffer over-read flaw was found in the way the X.Org server handled XkbGetGeometry requests. A malicious, authorized client could use this flaw to disclose portions of the X.Org server memory, or cause the X.Org server to crash using a specially crafted XkbGetGeometry request. (CVE-2015-0255 )\");\n script_tag(name:\"solution\", value:\"Run yum update xorg-x11-server to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2015-519.html\");\n script_cve_id(\"CVE-2015-0255\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"The remote host is missing an update announced via the referenced Security Advisory.\");\n script_copyright(\"Copyright (C) 2015 Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n 
exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"AMAZON\") {\n if(!isnull(res = isrpmvuln(pkg:\"xorg-x11-server-Xnest\", rpm:\"xorg-x11-server-Xnest~1.15.0~26.41.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xorg-x11-server-Xorg\", rpm:\"xorg-x11-server-Xorg~1.15.0~26.41.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xorg-x11-server-devel\", rpm:\"xorg-x11-server-devel~1.15.0~26.41.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xorg-x11-server-Xephyr\", rpm:\"xorg-x11-server-Xephyr~1.15.0~26.41.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xorg-x11-server-Xvfb\", rpm:\"xorg-x11-server-Xvfb~1.15.0~26.41.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xorg-x11-server-Xdmx\", rpm:\"xorg-x11-server-Xdmx~1.15.0~26.41.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xorg-x11-server-common\", rpm:\"xorg-x11-server-common~1.15.0~26.41.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xorg-x11-server-source\", rpm:\"xorg-x11-server-source~1.15.0~26.41.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2019-05-29T18:36:06", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0255"], "description": "Oracle Linux Local Security Checks ELSA-2015-0797", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310123136", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123136", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2015-0797", "sourceData": 
"###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2015-0797.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123136\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 13:59:49 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2015-0797\");\n script_tag(name:\"insight\", value:\"ELSA-2015-0797 - xorg-x11-server security update. 
Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2015-0797\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2015-0797.html\");\n script_cve_id(\"CVE-2015-0255\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux(7|6)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux7\")\n{\n if ((res = isrpmvuln(pkg:\"xorg-x11-server-Xdmx\", rpm:\"xorg-x11-server-Xdmx~1.15.0~33.el7_1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"xorg-x11-server-Xephyr\", rpm:\"xorg-x11-server-Xephyr~1.15.0~33.el7_1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"xorg-x11-server-Xnest\", rpm:\"xorg-x11-server-Xnest~1.15.0~33.el7_1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"xorg-x11-server-Xorg\", rpm:\"xorg-x11-server-Xorg~1.15.0~33.el7_1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"xorg-x11-server-Xvfb\", rpm:\"xorg-x11-server-Xvfb~1.15.0~33.el7_1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n 
exit(0);\n }\n if ((res = isrpmvuln(pkg:\"xorg-x11-server-common\", rpm:\"xorg-x11-server-common~1.15.0~33.el7_1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"xorg-x11-server-devel\", rpm:\"xorg-x11-server-devel~1.15.0~33.el7_1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"xorg-x11-server-source\", rpm:\"xorg-x11-server-source~1.15.0~33.el7_1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"xorg-x11-server-Xdmx\", rpm:\"xorg-x11-server-Xdmx~1.15.0~26.el6_6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"xorg-x11-server-Xephyr\", rpm:\"xorg-x11-server-Xephyr~1.15.0~26.el6_6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"xorg-x11-server-Xnest\", rpm:\"xorg-x11-server-Xnest~1.15.0~26.el6_6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"xorg-x11-server-Xorg\", rpm:\"xorg-x11-server-Xorg~1.15.0~26.el6_6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"xorg-x11-server-Xvfb\", rpm:\"xorg-x11-server-Xvfb~1.15.0~26.el6_6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"xorg-x11-server-common\", rpm:\"xorg-x11-server-common~1.15.0~26.el6_6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"xorg-x11-server-devel\", rpm:\"xorg-x11-server-devel~1.15.0~26.el6_6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"xorg-x11-server-source\", rpm:\"xorg-x11-server-source~1.15.0~26.el6_6\", rls:\"OracleLinux6\")) != NULL) {\n 
security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2019-05-29T18:36:44", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0255"], "description": "The remote host is missing an update for the ", "modified": "2018-11-23T00:00:00", "published": "2015-04-11T00:00:00", "id": "OPENVAS:1361412562310871352", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871352", "type": "openvas", "title": "RedHat Update for xorg-x11-server RHSA-2015:0797-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for xorg-x11-server RHSA-2015:0797-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871352\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-04-11 07:34:50 +0200 (Sat, 11 Apr 2015)\");\n script_cve_id(\"CVE-2015-0255\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for xorg-x11-server RHSA-2015:0797-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'xorg-x11-server'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"X.Org is an open source implementation of the X Window System. It provides\nthe basic low-level functionality that full-fledged graphical user\ninterfaces are designed upon.\n\nA buffer over-read flaw was found in the way the X.Org server handled\nXkbGetGeometry requests. A malicious, authorized client could use this flaw\nto disclose portions of the X.Org server memory, or cause the X.Org server\nto crash using a specially crafted XkbGetGeometry request. 
(CVE-2015-0255)\n\nThis issue was discovered by Olivier Fourdan of Red Hat.\n\nAll xorg-x11-server users are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue.\");\n script_tag(name:\"affected\", value:\"xorg-x11-server on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Server (v. 7),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"RHSA\", value:\"2015:0797-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2015-April/msg00015.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_(7|6)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_7\")\n{\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-server-Xephyr\", rpm:\"xorg-x11-server-Xephyr~1.15.0~33.el7_1\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-server-Xorg\", rpm:\"xorg-x11-server-Xorg~1.15.0~33.el7_1\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-server-common\", rpm:\"xorg-x11-server-common~1.15.0~33.el7_1\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-server-debuginfo\", rpm:\"xorg-x11-server-debuginfo~1.15.0~33.el7_1\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if 
(__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-server-Xephyr\", rpm:\"xorg-x11-server-Xephyr~1.15.0~26.el6_6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-server-Xorg\", rpm:\"xorg-x11-server-Xorg~1.15.0~26.el6_6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-server-common\", rpm:\"xorg-x11-server-common~1.15.0~26.el6_6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-server-debuginfo\", rpm:\"xorg-x11-server-debuginfo~1.15.0~26.el6_6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2017-07-24T12:52:40", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0255"], "description": "Olivier Fourdan discovered that missing\ninput validation in the Xserver", "modified": "2017-07-07T00:00:00", "published": "2015-02-11T00:00:00", "id": "OPENVAS:703160", "href": "http://plugins.openvas.org/nasl.php?oid=703160", "type": "openvas", "title": "Debian Security Advisory DSA 3160-1 (xorg-server - security update)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3160.nasl 6609 2017-07-07 12:05:59Z cfischer $\n# Auto-generated from advisory DSA 3160-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or 
(at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703160);\n script_version(\"$Revision: 6609 $\");\n script_cve_id(\"CVE-2015-0255\");\n script_name(\"Debian Security Advisory DSA 3160-1 (xorg-server - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:05:59 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2015-02-11 00:00:00 +0100 (Wed, 11 Feb 2015)\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2015/dsa-3160.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"xorg-server on Debian Linux\");\n script_tag(name: \"insight\", value: \"The Xorg X server is an X server for\nseveral architectures and operating systems, which is derived from the XFree86\n4.x series of X servers.\");\n script_tag(name: \"solution\", value: \"For the stable distribution (wheezy),\nthis problem has been fixed in version 2:1.12.4-6+deb7u6.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 
2:1.16.4-1.\n\nWe recommend that you upgrade your xorg-server packages.\");\n script_tag(name: \"summary\", value: \"Olivier Fourdan discovered that missing\ninput validation in the Xserver's handling of XkbSetGeometry requests may result\nin an information leak or denial of service.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software\nversion using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"xdmx\", ver:\"2:1.12.4-6+deb7u6\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xdmx-tools\", ver:\"2:1.12.4-6+deb7u6\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xnest\", ver:\"2:1.12.4-6+deb7u6\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xserver-common\", ver:\"2:1.12.4-6+deb7u6\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xserver-xephyr\", ver:\"2:1.12.4-6+deb7u6\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xserver-xfbdev\", ver:\"2:1.12.4-6+deb7u6\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xserver-xorg-core\", ver:\"2:1.12.4-6+deb7u6\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xserver-xorg-core-dbg\", ver:\"2:1.12.4-6+deb7u6\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xserver-xorg-dev\", ver:\"2:1.12.4-6+deb7u6\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xvfb\", ver:\"2:1.12.4-6+deb7u6\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", 
"cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:37:07", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0255"], "description": "Check the version of xorg-x11-server-common", "modified": "2019-03-08T00:00:00", "published": "2015-04-11T00:00:00", "id": "OPENVAS:1361412562310882161", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882161", "type": "openvas", "title": "CentOS Update for xorg-x11-server-common CESA-2015:0797 centos7", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for xorg-x11-server-common CESA-2015:0797 centos7\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882161\");\n script_version(\"$Revision: 14058 $\");\n script_cve_id(\"CVE-2015-0255\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-04-11 07:35:13 +0200 (Sat, 11 Apr 2015)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for xorg-x11-server-common CESA-2015:0797 centos7\");\n script_tag(name:\"summary\", value:\"Check the version of xorg-x11-server-common\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"X.Org is an open source implementation of the X\n Window System. It provides the basic low-level functionality that full-fledged graphical\n user interfaces are designed upon.\n\nA buffer over-read flaw was found in the way the X.Org server handled\nXkbGetGeometry requests. A malicious, authorized client could use this flaw\nto disclose portions of the X.Org server memory, or cause the X.Org server\nto crash using a specially crafted XkbGetGeometry request. 
(CVE-2015-0255)\n\nThis issue was discovered by Olivier Fourdan of Red Hat.\n\nAll xorg-x11-server users are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue.\");\n script_tag(name:\"affected\", value:\"xorg-x11-server-common on CentOS 7\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_xref(name:\"CESA\", value:\"2015:0797\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2015-April/021059.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS7\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS7\")\n{\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-server-common\", rpm:\"xorg-x11-server-common~1.15.0~33.el7_1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-server-devel\", rpm:\"xorg-x11-server-devel~1.15.0~33.el7_1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-server-source\", rpm:\"xorg-x11-server-source~1.15.0~33.el7_1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-server-Xdmx\", rpm:\"xorg-x11-server-Xdmx~1.15.0~33.el7_1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-server-Xephyr\", rpm:\"xorg-x11-server-Xephyr~1.15.0~33.el7_1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n 
if ((res = isrpmvuln(pkg:\"xorg-x11-server-Xnest\", rpm:\"xorg-x11-server-Xnest~1.15.0~33.el7_1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-server-Xorg\", rpm:\"xorg-x11-server-Xorg~1.15.0~33.el7_1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-server-Xvfb\", rpm:\"xorg-x11-server-Xvfb~1.15.0~33.el7_1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-server\", rpm:\"xorg-x11-server~1.15.0~33.el7_1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2019-05-29T18:36:44", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-6424", "CVE-2015-0255"], "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2015-02-18T00:00:00", "id": "OPENVAS:1361412562310842093", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842093", "type": "openvas", "title": "Ubuntu Update for xorg-server USN-2500-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for xorg-server USN-2500-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842093\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-02-18 05:41:57 +0100 (Wed, 18 Feb 2015)\");\n script_cve_id(\"CVE-2015-0255\", \"CVE-2013-6424\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for xorg-server USN-2500-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'xorg-server'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Olivier Fourdan discovered that the X.Org\nX server incorrectly handled XkbSetGeometry requests resulting in an information\nleak. An attacker able to connect to an X server, either locally or remotely,\ncould use this issue to possibly obtain sensitive information. (CVE-2015-0255)\n\nIt was discovered that the X.Org X server incorrectly handled certain\ntrapezoids. An attacker able to connect to an X server, either locally or\nremotely, could use this issue to possibly crash the server. This issue\nonly affected Ubuntu 12.04 LTS. 
(CVE-2013-6424)\");\n script_tag(name:\"affected\", value:\"xorg-server on Ubuntu 14.10,\n Ubuntu 14.04 LTS,\n Ubuntu 12.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"USN\", value:\"2500-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2500-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.10|14\\.04 LTS|12\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"xserver-xorg-core\", ver:\"2:1.16.0-1ubuntu1.3\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"xserver-xorg-core\", ver:\"2:1.15.1-0ubuntu2.7\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"xserver-xorg-core-lts-utopic\", ver:\"2:1.16.0-1ubuntu1.2~trusty2\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"xserver-xorg-core\", ver:\"2:1.11.4-0ubuntu10.17\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"xserver-xorg-core-lts-trusty\", ver:\"2:1.15.1-0ubuntu2~precise5\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if 
(__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2019-05-29T18:36:44", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-8098", "CVE-2014-8092", "CVE-2014-8103", "CVE-2014-8100", "CVE-2014-8097", "CVE-2014-8101", "CVE-2014-8091", "CVE-2015-0255", "CVE-2014-8095", "CVE-2014-8102", "CVE-2014-8096", "CVE-2014-8099", "CVE-2014-8093", "CVE-2014-8094"], "description": "Gentoo Linux Local Security Checks GLSA 201504-06", "modified": "2018-10-26T00:00:00", "published": "2015-09-29T00:00:00", "id": "OPENVAS:1361412562310121373", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310121373", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201504-06", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa-201504-06.nasl 12128 2018-10-26 13:35:25Z cfischer $\n#\n# Gentoo Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.121373\");\n script_version(\"$Revision: 12128 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-29 11:28:47 +0300 (Tue, 29 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 15:35:25 +0200 (Fri, 26 Oct 2018) $\");\n script_name(\"Gentoo Security Advisory GLSA 201504-06\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities have been discovered in X.Org X Server. Please review the CVE identifiers referenced below for details.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://security.gentoo.org/glsa/201504-06\");\n script_cve_id(\"CVE-2014-8091\", \"CVE-2014-8092\", \"CVE-2014-8093\", \"CVE-2014-8094\", \"CVE-2014-8095\", \"CVE-2014-8096\", \"CVE-2014-8097\", \"CVE-2014-8098\", \"CVE-2014-8099\", \"CVE-2014-8100\", \"CVE-2014-8101\", \"CVE-2014-8102\", \"CVE-2014-8103\", \"CVE-2015-0255\");\n script_tag(name:\"cvss_base\", value:\"6.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Gentoo Linux Local Security Checks GLSA 201504-06\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Gentoo Local Security Checks\");\n\n 
exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\n\nif((res=ispkgvuln(pkg:\"x11-base/xorg-server\", unaffected: make_list(\"ge 1.12.4-r4\"), vulnerable: make_list(\"lt 1.12.4-r4\"))) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:36:42", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-8098", "CVE-2011-4028", "CVE-2014-8092", "CVE-2014-8100", "CVE-2013-4396", "CVE-2013-6462", "CVE-2014-0211", "CVE-2014-8097", "CVE-2014-8101", "CVE-2014-0209", "CVE-2014-0210", "CVE-2015-0255", "CVE-2014-8095", "CVE-2014-8102", "CVE-2014-8096", "CVE-2014-8099", "CVE-2014-8093", "CVE-2011-2895"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2015-03-27T00:00:00", "id": "OPENVAS:1361412562310869126", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869126", "type": "openvas", "title": "Fedora Update for nx-libs FEDORA-2015-3964", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for nx-libs FEDORA-2015-3964\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.869126\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-03-27 06:46:43 +0100 (Fri, 27 Mar 2015)\");\n script_cve_id(\"CVE-2011-2895\", \"CVE-2011-4028\", \"CVE-2013-4396\", \"CVE-2013-6462\",\n \"CVE-2014-0209\", \"CVE-2014-0210\", \"CVE-2014-0211\", \"CVE-2014-8092\",\n \"CVE-2014-8097\", \"CVE-2014-8095\", \"CVE-2014-8096\", \"CVE-2014-8099\",\n \"CVE-2014-8100\", \"CVE-2014-8102\", \"CVE-2014-8101\", \"CVE-2014-8093\",\n \"CVE-2014-8098\", \"CVE-2015-0255\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for nx-libs FEDORA-2015-3964\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'nx-libs'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"nx-libs on Fedora 20\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2015-3964\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2015-March/152878.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone 
Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC20\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"nx-libs\", rpm:\"nx-libs~3.5.0.29~1.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "centos": [{"lastseen": "2019-12-20T18:28:04", "bulletinFamily": "unix", "cvelist": ["CVE-2015-0255"], "description": "**CentOS Errata and Security Advisory** CESA-2015:0797\n\n\nX.Org is an open source implementation of the X Window System. It provides\nthe basic low-level functionality that full-fledged graphical user\ninterfaces are designed upon.\n\nA buffer over-read flaw was found in the way the X.Org server handled\nXkbGetGeometry requests. A malicious, authorized client could use this flaw\nto disclose portions of the X.Org server memory, or cause the X.Org server\nto crash using a specially crafted XkbGetGeometry request. 
(CVE-2015-0255)\n\nThis issue was discovered by Olivier Fourdan of Red Hat.\n\nAll xorg-x11-server users are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2015-April/033097.html\nhttp://lists.centos.org/pipermail/centos-announce/2015-April/033098.html\n\n**Affected packages:**\nxorg-x11-server\nxorg-x11-server-Xdmx\nxorg-x11-server-Xephyr\nxorg-x11-server-Xnest\nxorg-x11-server-Xorg\nxorg-x11-server-Xvfb\nxorg-x11-server-common\nxorg-x11-server-devel\nxorg-x11-server-source\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2015-0797.html", "edition": 3, "modified": "2015-04-10T12:11:58", "published": "2015-04-10T12:06:39", "href": "http://lists.centos.org/pipermail/centos-announce/2015-April/033097.html", "id": "CESA-2015:0797", "title": "xorg security update", "type": "centos", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:59", "bulletinFamily": "software", "cvelist": ["CVE-2015-0255"], "description": "XkbSetGeometry information disclosure and DoS.", "edition": 1, "modified": "2015-02-16T00:00:00", "published": "2015-02-16T00:00:00", "id": "SECURITYVULNS:VULN:14268", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14268", "title": "X.Org information disclosure", "type": "securityvulns", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:57", "bulletinFamily": "software", "cvelist": ["CVE-2015-0255"], "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n- -------------------------------------------------------------------------\r\nDebian Security Advisory DSA-3160-1 security@debian.org\r\nhttp://www.debian.org/security/ Moritz Muehlenhoff\r\nFebruary 11, 2015 http://www.debian.org/security/faq\r\n- 
-------------------------------------------------------------------------\r\n\r\nPackage : xorg-server\r\nCVE ID : CVE-2015-0255\r\n\r\nOlivier Fourdan discovered that missing input validation in the Xserver's\r\nhandling of XkbSetGeometry requests may result in an information leak\r\nor denial of service.\r\n\r\nFor the stable distribution (wheezy), this problem has been fixed in\r\nversion 2:1.12.4-6+deb7u6.\r\n\r\nFor the unstable distribution (sid), this problem has been fixed in\r\nversion 2:1.16.4-1.\r\n\r\nWe recommend that you upgrade your xorg-server packages.\r\n\r\nFurther information about Debian Security Advisories, how to apply\r\nthese updates to your system and frequently asked questions can be\r\nfound at: https://www.debian.org/security/\r\n\r\nMailing list: debian-security-announce@lists.debian.org\r\n", "edition": 1, "modified": "2015-02-16T00:00:00", "published": "2015-02-16T00:00:00", "id": "SECURITYVULNS:DOC:31718", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31718", "title": "[SECURITY] [DSA 3160-1] xorg-server security update", "type": "securityvulns", "cvss": 
{"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:01", "bulletinFamily": "software", "cvelist": ["CVE-2015-1926", "CVE-2015-4000", "CVE-2015-2591", "CVE-2015-0443", "CVE-2015-1803", "CVE-2015-4771", "CVE-2015-2627", "CVE-2015-2615", "CVE-2014-3566", "CVE-2015-4764", "CVE-2015-4774", "CVE-2015-2601", "CVE-2015-4738", "CVE-2015-0235", "CVE-2015-4729", "CVE-2015-4751", "CVE-2015-0444", "CVE-2015-0445", "CVE-2015-4749", "CVE-2015-4758", "CVE-2014-7809", "CVE-2015-2643", "CVE-2015-4770", "CVE-2015-4747", "CVE-2015-2661", "CVE-2015-4778", "CVE-2015-2632", "CVE-2015-2625", "CVE-2015-2617", "CVE-2015-4784", "CVE-2015-2664", "CVE-2015-2605", "CVE-2015-2597", "CVE-2015-4785", "CVE-2015-4732", "CVE-2015-2653", "CVE-2014-0227", "CVE-2015-2595", "CVE-2015-4782", "CVE-2015-0286", "CVE-2015-2648", "CVE-2015-2657", "CVE-2014-0230", "CVE-2015-4789", "CVE-2015-0447", "CVE-2015-2581", "CVE-2015-2613", "CVE-2015-2658", "CVE-2014-3571", "CVE-2015-4736", "CVE-2015-2599", "CVE-2013-2251", "CVE-2013-5704", "CVE-2015-4739", "CVE-2015-4790", "CVE-2015-2589", "CVE-2010-1324", "CVE-2015-2623", "CVE-2015-2631", "CVE-2015-2596", "CVE-2015-4763", "CVE-2015-4783", "CVE-2015-2620", "CVE-2015-2650", "CVE-2015-0448", "CVE-2015-2654", "CVE-2015-2607", "CVE-2015-2639", "CVE-2015-2611", "CVE-2015-2645", "CVE-2015-2634", "CVE-2015-2594", "CVE-2015-3456", "CVE-2015-2584", "CVE-2015-2808", "CVE-2014-3570", "CVE-2015-2590", "CVE-2015-2656", "CVE-2015-2626", "CVE-2015-2628", "CVE-2015-4768", "CVE-2015-4761", "CVE-2015-4745", "CVE-2015-4750", "CVE-2015-2635", "CVE-2015-4756", "CVE-2015-2647", "CVE-2015-2600", "CVE-2015-2580", "CVE-2015-3152", "CVE-2015-2640", "CVE-2015-4733", "CVE-2015-2646", "CVE-2014-1568", "CVE-2015-2651", "CVE-2015-2603", "CVE-2015-2633", "CVE-2015-4765", "CVE-2015-2660", "CVE-2015-2604", "CVE-2015-0255", "CVE-2015-4772", "CVE-2015-2662", "CVE-2015-4735", "CVE-2015-4779", "CVE-2015-2585", "CVE-2013-2186", "CVE-2014-3567", 
"CVE-2015-2614", "CVE-2015-4766", "CVE-2015-4737", "CVE-2015-4776", "CVE-2015-4757", "CVE-2015-4728", "CVE-2015-2637", "CVE-2015-2606", "CVE-2015-4769", "CVE-2015-2621", "CVE-2015-4786", "CVE-2015-4787", "CVE-2015-2638", "CVE-2015-4740", "CVE-2015-2619", "CVE-2015-4731", "CVE-2015-4727", "CVE-2015-4741", "CVE-2015-2636", "CVE-2015-2659", "CVE-2015-2655", "CVE-2015-4775", "CVE-2015-4773", "CVE-2014-8102", "CVE-2015-4746", "CVE-2015-2629", "CVE-2015-4788", "CVE-2015-4755", "CVE-2015-2602", "CVE-2015-4748", "CVE-2015-2622", "CVE-2015-2610", "CVE-2012-0036", "CVE-2015-2663", "CVE-2015-4742", "CVE-2015-2652", "CVE-2015-4759", "CVE-2015-0446", "CVE-2015-2582", "CVE-2015-4780", "CVE-2014-1569", "CVE-2015-4781", "CVE-2015-2618", "CVE-2015-2641", "CVE-2015-2593", "CVE-2015-4744", "CVE-2015-2598", "CVE-2015-2587", "CVE-2015-2630", "CVE-2015-2592", "CVE-2015-4767", "CVE-2015-2616", "CVE-2015-2624", "CVE-2015-2609", "CVE-2015-4777", "CVE-2015-4754", "CVE-2015-2588", "CVE-2015-4760", "CVE-2015-2583", "CVE-2015-4743", "CVE-2015-4752", "CVE-2015-2586", "CVE-2015-4753", "CVE-2015-2649", "CVE-2015-2612", "CVE-2015-2644"], "description": "Quarterly CPU fixed over 170 different vulnerabilities.", "edition": 1, "modified": "2015-07-20T00:00:00", "published": "2015-07-20T00:00:00", "id": "SECURITYVULNS:VULN:14601", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14601", "title": "Oracle / Sun / PeopleSoft / MySQL multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "debian": [{"lastseen": "2019-05-30T02:21:22", "bulletinFamily": "unix", "cvelist": ["CVE-2015-0255"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3160-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nFebruary 11, 2015 http://www.debian.org/security/faq\n- 
-------------------------------------------------------------------------\n\nPackage : xorg-server\nCVE ID : CVE-2015-0255\n\nOlivier Fourdan discovered that missing input validation in the Xserver's\nhandling of XkbSetGeometry requests may result in an information leak\nor denial of service.\n\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 2:1.12.4-6+deb7u6.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2:1.16.4-1.\n\nWe recommend that you upgrade your xorg-server packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 3, "modified": "2015-02-11T17:23:43", "published": "2015-02-11T17:23:43", "id": "DEBIAN:DSA-3160-1:7ADFD", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2015/msg00045.html", "title": "[SECURITY] [DSA 3160-1] xorg-server security update", "type": "debian", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2020-11-11T13:16:47", "bulletinFamily": "unix", "cvelist": ["CVE-2015-0255"], "description": "Package : xorg-server\nVersion : 2:1.7.7-18+deb6u2\nCVE ID : CVE-2015-0255\n\nOlivier Fourdan discovered that missing input validation in the Xserver's\nhandling of XkbSetGeometry requests may result in an information leak or\ndenial of service.\n\nThis upload to Debian squeeze-lts fixes the issue by not swapping\nXkbSetGeometry data in the input buffer any more and checking strings'\nlength against request size.\n\n-- \n\nmike gabriel aka sunweaver (Debian Developer)\nfon: +49 (1520) 1976 148\n\nGnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31\nmail: sunweaver@debian.org, http://sunweavers.net\n", "edition": 7, "modified": "2015-05-01T10:55:32", "published": "2015-05-01T10:55:32", "id": 
"DEBIAN:DLA-218-1:BEB12", "href": "https://lists.debian.org/debian-lts-announce/2015/debian-lts-announce-201505/msg00001.html", "title": "[SECURITY] [DLA 218-1] xorg-server security update", "type": "debian", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}], "nessus": [{"lastseen": "2021-01-01T01:19:04", "description": "A buffer over-read flaw was found in the way the X.Org server handled\nXkbGetGeometry requests. A malicious, authorized client could use this\nflaw to disclose portions of the X.Org server memory, or cause the\nX.Org server to crash using a specially crafted XkbGetGeometry\nrequest. (CVE-2015-0255)", "edition": 23, "published": "2015-05-07T00:00:00", "title": "Amazon Linux AMI : xorg-x11-server (ALAS-2015-519)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0255"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:xorg-x11-server-source", "p-cpe:/a:amazon:linux:xorg-x11-server-common", "p-cpe:/a:amazon:linux:xorg-x11-server-Xvfb", "p-cpe:/a:amazon:linux:xorg-x11-server-devel", "p-cpe:/a:amazon:linux:xorg-x11-server-Xdmx", "p-cpe:/a:amazon:linux:xorg-x11-server-Xnest", "p-cpe:/a:amazon:linux:xorg-x11-server-debuginfo", "p-cpe:/a:amazon:linux:xorg-x11-server-Xephyr", "p-cpe:/a:amazon:linux:xorg-x11-server-Xorg", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2015-519.NASL", "href": "https://www.tenable.com/plugins/nessus/83270", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2015-519.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(83270);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2018/04/18 15:09:35\");\n\n script_cve_id(\"CVE-2015-0255\");\n script_xref(name:\"ALAS\", value:\"2015-519\");\n script_xref(name:\"RHSA\", value:\"2015:0797\");\n\n script_name(english:\"Amazon Linux AMI : xorg-x11-server (ALAS-2015-519)\");\n 
script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A buffer over-read flaw was found in the way the X.Org server handled\nXkbGetGeometry requests. A malicious, authorized client could use this\nflaw to disclose portions of the X.Org server memory, or cause the\nX.Org server to crash using a specially crafted XkbGetGeometry\nrequest. (CVE-2015-0255)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2015-519.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update xorg-x11-server' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:xorg-x11-server-Xdmx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:xorg-x11-server-Xephyr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:xorg-x11-server-Xnest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:xorg-x11-server-Xorg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:xorg-x11-server-Xvfb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:xorg-x11-server-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:xorg-x11-server-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:xorg-x11-server-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:xorg-x11-server-source\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", 
value:\"2015/05/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"xorg-x11-server-Xdmx-1.15.0-26.41.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"xorg-x11-server-Xephyr-1.15.0-26.41.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"xorg-x11-server-Xnest-1.15.0-26.41.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"xorg-x11-server-Xorg-1.15.0-26.41.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"xorg-x11-server-Xvfb-1.15.0-26.41.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"xorg-x11-server-common-1.15.0-26.41.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"xorg-x11-server-debuginfo-1.15.0-26.41.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"xorg-x11-server-devel-1.15.0-26.41.amzn1\")) 
flag++;\nif (rpm_check(release:\"ALA\", reference:\"xorg-x11-server-source-1.15.0-26.41.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xorg-x11-server-Xdmx / xorg-x11-server-Xephyr / etc\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2021-01-07T10:43:31", "description": "Peter Hutterer reports :\n\nOlivier Fourdan from Red Hat has discovered a protocol handling issue\nin the way the X server code base handles the XkbSetGeometry request.\n\nThe issue stems from the server trusting the client to send valid\nstring lengths in the request data. A malicious client with string\nlengths exceeding the request length can cause the server to copy\nadjacent memory data into the XKB structs. This data is then available\nto the client via the XkbGetGeometry request. The data length is at\nleast up to 64k, it is possible to obtain more data by chaining\nstrings, each string length is then determined by whatever happens to\nbe in that 16-bit region of memory.\n\nA similarly crafted request can likely cause the X server to crash.", "edition": 22, "published": "2015-02-13T00:00:00", "title": "FreeBSD : xorg-server -- Information leak in the XkbSetGeometry request of X servers. 
(54a69cf7-b2ef-11e4-b1f1-bcaec565249c)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0255"], "modified": "2015-02-13T00:00:00", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:xorg-server", "p-cpe:/a:freebsd:freebsd:xorg-server"], "id": "FREEBSD_PKG_54A69CF7B2EF11E4B1F1BCAEC565249C.NASL", "href": "https://www.tenable.com/plugins/nessus/81332", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(81332);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2015-0255\");\n\n script_name(english:\"FreeBSD : xorg-server -- Information leak in the XkbSetGeometry request of X servers. (54a69cf7-b2ef-11e4-b1f1-bcaec565249c)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Peter Hutterer reports :\n\nOlivier Fourdan from Red Hat has discovered a protocol handling issue\nin the way the X server code base handles the XkbSetGeometry request.\n\nThe issue stems from the server trusting the client to send valid\nstring lengths in the request data. A malicious client with string\nlengths exceeding the request length can cause the server to copy\nadjacent memory data into the XKB structs. This data is then available\nto the client via the XkbGetGeometry request. 
The data length is at\nleast up to 64k, it is possible to obtain more data by chaining\nstrings, each string length is then determined by whatever happens to\nbe in that 16-bit region of memory.\n\nA similarly crafted request can likely cause the X server to crash.\"\n );\n # http://lists.freedesktop.org/archives/xorg/2015-February/057158.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.freedesktop.org/archives/xorg/2015-February/057158.html\"\n );\n # https://vuxml.freebsd.org/freebsd/54a69cf7-b2ef-11e4-b1f1-bcaec565249c.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7fd55e61\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:xorg-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:xorg-server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/02/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/02/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/02/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"xorg-server<1.14.7_2,1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"xorg-server>=1.15.0,1<1.16.4,1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2021-01-07T14:22:34", "description": "tigervnc and fltk were updated to fix security issues and non-security\nbugs.\n\nThis security issue was fixed :\n\n - CVE-2015-0255: Information leak in the XkbSetGeometry\n request of X servers (bnc#915810).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 27, "published": "2015-05-27T00:00:00", "title": "SUSE SLED12 / SLES12 Security Update : tigervnc, fltk (SUSE-SU-2015:0939-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0255"], "modified": "2015-05-27T00:00:00", "cpe": ["cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:fltk-debugsource", "p-cpe:/a:novell:suse_linux:libfltk1-debuginfo", "p-cpe:/a:novell:suse_linux:tigervnc", "p-cpe:/a:novell:suse_linux:tigervnc-debuginfo", "p-cpe:/a:novell:suse_linux:libfltk1", "p-cpe:/a:novell:suse_linux:xorg-x11-Xvnc", "p-cpe:/a:novell:suse_linux:xorg-x11-Xvnc-debuginfo", "p-cpe:/a:novell:suse_linux:tigervnc-debugsource"], "id": "SUSE_SU-2015-0939-1.NASL", "href": "https://www.tenable.com/plugins/nessus/83855", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2015:0939-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(83855);\n script_version(\"2.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2015-0255\");\n script_bugtraq_id(72578);\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : tigervnc, fltk (SUSE-SU-2015:0939-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"tigervnc and fltk were updated to fix security issues and non-security\nbugs.\n\nThis security issue was fixed :\n\n - CVE-2015-0255: Information leak in the XkbSetGeometry\n request of X servers 
(bnc#915810).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=908738\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=911577\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=915782\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=915810\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=920969\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-0255/\"\n );\n # https://www.suse.com/support/update/announcement/2015/suse-su-20150939-1.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2459e9b7\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12 :\n\nzypper in -t patch SUSE-SLE-SDK-12-2015-210=1\n\nSUSE Linux Enterprise Server 12 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-2015-210=1\n\nSUSE Linux Enterprise Desktop 12 :\n\nzypper in -t patch SUSE-SLE-DESKTOP-12-2015-210=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n 
script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:fltk-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libfltk1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libfltk1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:tigervnc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:tigervnc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:tigervnc-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xorg-x11-Xvnc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xorg-x11-Xvnc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/02/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/05/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! 
preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"fltk-debugsource-1.3.2-10.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libfltk1-1.3.2-10.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libfltk1-debuginfo-1.3.2-10.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"tigervnc-1.4.1-32.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"tigervnc-debuginfo-1.4.1-32.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"tigervnc-debugsource-1.4.1-32.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"xorg-x11-Xvnc-1.4.1-32.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"xorg-x11-Xvnc-debuginfo-1.4.1-32.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"fltk-debugsource-1.3.2-10.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libfltk1-1.3.2-10.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libfltk1-debuginfo-1.3.2-10.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"tigervnc-1.4.1-32.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"tigervnc-debuginfo-1.4.1-32.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"tigervnc-debugsource-1.4.1-32.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"xorg-x11-Xvnc-1.4.1-32.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"xorg-x11-Xvnc-debuginfo-1.4.1-32.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) 
audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tigervnc / fltk\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2021-01-07T14:22:23", "description": "xorg-x11-server was updated to fix one security issue.\n\nThis security issue was fixed :\n\n - CVE-2015-0255: Check string lengths in XkbSetGeometry\n request (bnc#915810)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 26, "published": "2015-05-20T00:00:00", "title": "SUSE SLED12 / SLES12 Security Update : xorg-x11-server (SUSE-SU-2015:0398-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0255"], "modified": "2015-05-20T00:00:00", "cpe": ["cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:xorg-x11-server", "p-cpe:/a:novell:suse_linux:xorg-x11-server-extra-debuginfo", "p-cpe:/a:novell:suse_linux:xorg-x11-server-extra", "p-cpe:/a:novell:suse_linux:xorg-x11-server-debuginfo", "p-cpe:/a:novell:suse_linux:xorg-x11-server-debugsource"], "id": "SUSE_SU-2015-0398-1.NASL", "href": "https://www.tenable.com/plugins/nessus/83690", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2015:0398-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(83690);\n script_version(\"2.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2015-0255\");\n script_bugtraq_id(72578);\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : xorg-x11-server (SUSE-SU-2015:0398-1)\");\n script_summary(english:\"Checks rpm output 
for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"xorg-x11-server was updated to fix one security issue.\n\nThis security issue was fixed :\n\n - CVE-2015-0255: Check string lengths in XkbSetGeometry\n request (bnc#915810)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=915810\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-0255/\"\n );\n # https://www.suse.com/support/update/announcement/2015/suse-su-20150398-1.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?82bf233d\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12 :\n\nzypper in -t patch SUSE-SLE-SDK-12-2015-102=1\n\nSUSE Linux Enterprise Server 12 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-2015-102=1\n\nSUSE Linux Enterprise Desktop 12 :\n\nzypper in -t patch SUSE-SLE-DESKTOP-12-2015-102=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xorg-x11-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xorg-x11-server-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xorg-x11-server-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xorg-x11-server-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xorg-x11-server-extra-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/02/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/02/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"xorg-x11-server-7.6_1.15.2-21.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"xorg-x11-server-debuginfo-7.6_1.15.2-21.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"xorg-x11-server-debugsource-7.6_1.15.2-21.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"xorg-x11-server-extra-7.6_1.15.2-21.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"xorg-x11-server-extra-debuginfo-7.6_1.15.2-21.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"xorg-x11-server-7.6_1.15.2-21.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"xorg-x11-server-debuginfo-7.6_1.15.2-21.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"xorg-x11-server-debugsource-7.6_1.15.2-21.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"xorg-x11-server-extra-7.6_1.15.2-21.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"xorg-x11-server-extra-debuginfo-7.6_1.15.2-21.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) 
security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xorg-x11-server\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2021-01-06T09:30:07", "description": "Updated xorg-x11-server packages that fix one security issue are now\navailable for Red Hat Enterprise Linux 6 and 7.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nX.Org is an open source implementation of the X Window System. It\nprovides the basic low-level functionality that full-fledged graphical\nuser interfaces are designed upon.\n\nA buffer over-read flaw was found in the way the X.Org server handled\nXkbGetGeometry requests. A malicious, authorized client could use this\nflaw to disclose portions of the X.Org server memory, or cause the\nX.Org server to crash using a specially crafted XkbGetGeometry\nrequest. 
(CVE-2015-0255)\n\nThis issue was discovered by Olivier Fourdan of Red Hat.\n\nAll xorg-x11-server users are advised to upgrade to these updated\npackages, which contain a backported patch to correct this issue.", "edition": 27, "published": "2015-04-13T00:00:00", "title": "CentOS 6 / 7 : xorg-x11-server (CESA-2015:0797)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0255"], "modified": "2015-04-13T00:00:00", "cpe": ["cpe:/o:centos:centos:6", "p-cpe:/a:centos:centos:xorg-x11-server-Xvfb", "cpe:/o:centos:centos:7", "p-cpe:/a:centos:centos:xorg-x11-server-Xnest", "p-cpe:/a:centos:centos:xorg-x11-server-common", "p-cpe:/a:centos:centos:xorg-x11-server-Xdmx", "p-cpe:/a:centos:centos:xorg-x11-server-devel", "p-cpe:/a:centos:centos:xorg-x11-server-Xorg", "p-cpe:/a:centos:centos:xorg-x11-server-source", "p-cpe:/a:centos:centos:xorg-x11-server-Xephyr"], "id": "CENTOS_RHSA-2015-0797.NASL", "href": "https://www.tenable.com/plugins/nessus/82714", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:0797 and \n# CentOS Errata and Security Advisory 2015:0797 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(82714);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2015-0255\");\n script_xref(name:\"RHSA\", value:\"2015:0797\");\n\n script_name(english:\"CentOS 6 / 7 : xorg-x11-server (CESA-2015:0797)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated xorg-x11-server packages that fix one security issue are now\navailable for Red 
Hat Enterprise Linux 6 and 7.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nX.Org is an open source implementation of the X Window System. It\nprovides the basic low-level functionality that full-fledged graphical\nuser interfaces are designed upon.\n\nA buffer over-read flaw was found in the way the X.Org server handled\nXkbGetGeometry requests. A malicious, authorized client could use this\nflaw to disclose portions of the X.Org server memory, or cause the\nX.Org server to crash using a specially crafted XkbGetGeometry\nrequest. (CVE-2015-0255)\n\nThis issue was discovered by Olivier Fourdan of Red Hat.\n\nAll xorg-x11-server users are advised to upgrade to these updated\npackages, which contain a backported patch to correct this issue.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2015-April/021059.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?efc5a690\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2015-April/021060.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?95583517\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected xorg-x11-server packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-0255\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:xorg-x11-server-Xdmx\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:xorg-x11-server-Xephyr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:xorg-x11-server-Xnest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:xorg-x11-server-Xorg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:xorg-x11-server-Xvfb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:xorg-x11-server-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:xorg-x11-server-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:xorg-x11-server-source\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/02/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/04/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? 
release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 6.x / 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"xorg-x11-server-Xdmx-1.15.0-26.el6.centos\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"xorg-x11-server-Xephyr-1.15.0-26.el6.centos\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"xorg-x11-server-Xnest-1.15.0-26.el6.centos\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"xorg-x11-server-Xorg-1.15.0-26.el6.centos\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"xorg-x11-server-Xvfb-1.15.0-26.el6.centos\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"xorg-x11-server-common-1.15.0-26.el6.centos\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"xorg-x11-server-devel-1.15.0-26.el6.centos\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"xorg-x11-server-source-1.15.0-26.el6.centos\")) flag++;\n\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"xorg-x11-server-Xdmx-1.15.0-33.el7_1\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"xorg-x11-server-Xephyr-1.15.0-33.el7_1\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"xorg-x11-server-Xnest-1.15.0-33.el7_1\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"xorg-x11-server-Xorg-1.15.0-33.el7_1\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"xorg-x11-server-Xvfb-1.15.0-33.el7_1\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", 
reference:\"xorg-x11-server-common-1.15.0-33.el7_1\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"xorg-x11-server-devel-1.15.0-33.el7_1\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"xorg-x11-server-source-1.15.0-33.el7_1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xorg-x11-server-Xdmx / xorg-x11-server-Xephyr / etc\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2021-01-12T09:42:25", "description": "Olivier Fourdan discovered that missing input validation in the\nXserver's handling of XkbSetGeometry requests may result in an\ninformation leak or denial of service.\n\nThis upload to Debian squeeze-lts fixes the issue by not swapping\nXkbSetGeometry data in the input buffer any more and checking strings'\nlength against request size.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. 
Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.", "edition": 15, "published": "2015-05-04T00:00:00", "title": "Debian DLA-218-1 : xorg-server security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0255"], "modified": "2015-05-04T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:xserver-common", "cpe:/o:debian:debian_linux:6.0", "p-cpe:/a:debian:debian_linux:xserver-xephyr", "p-cpe:/a:debian:debian_linux:xvfb", "p-cpe:/a:debian:debian_linux:xserver-xfbdev", "p-cpe:/a:debian:debian_linux:xdmx", "p-cpe:/a:debian:debian_linux:xnest", "p-cpe:/a:debian:debian_linux:xserver-xorg-core-udeb", "p-cpe:/a:debian:debian_linux:xserver-xorg-core", "p-cpe:/a:debian:debian_linux:xdmx-tools", "p-cpe:/a:debian:debian_linux:xserver-xorg-dev", "p-cpe:/a:debian:debian_linux:xserver-xorg-core-dbg"], "id": "DEBIAN_DLA-218.NASL", "href": "https://www.tenable.com/plugins/nessus/83190", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-218-1. 
The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(83190);\n script_version(\"2.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-0255\");\n script_bugtraq_id(72578);\n\n script_name(english:\"Debian DLA-218-1 : xorg-server security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Olivier Fourdan discovered that missing input validation in the\nXserver's handling of XkbSetGeometry requests may result in an\ninformation leak or denial of service.\n\nThis upload to Debian squeeze-lts fixes the issue by not swapping\nXkbSetGeometry data in the input buffer any more and checking strings'\nlength against request size.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. 
Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2015/05/msg00001.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze-lts/xorg-server\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xdmx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xdmx-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xnest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xserver-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xserver-xephyr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xserver-xfbdev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xserver-xorg-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xserver-xorg-core-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xserver-xorg-core-udeb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xserver-xorg-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xvfb\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/05/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"xdmx\", reference:\"2:1.7.7-18+deb6u2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"xdmx-tools\", reference:\"2:1.7.7-18+deb6u2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"xnest\", reference:\"2:1.7.7-18+deb6u2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"xserver-common\", reference:\"2:1.7.7-18+deb6u2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"xserver-xephyr\", reference:\"2:1.7.7-18+deb6u2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"xserver-xfbdev\", reference:\"2:1.7.7-18+deb6u2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"xserver-xorg-core\", reference:\"2:1.7.7-18+deb6u2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"xserver-xorg-core-dbg\", reference:\"2:1.7.7-18+deb6u2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"xserver-xorg-core-udeb\", reference:\"2:1.7.7-18+deb6u2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"xserver-xorg-dev\", reference:\"2:1.7.7-18+deb6u2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"xvfb\", 
reference:\"2:1.7.7-18+deb6u2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2020-06-05T11:12:23", "description": "tigervnc was updated to fix one security issue.\n\nThis security issue was fixed :\n\n - CVE-2015-0255: Information leak in the XkbSetGeometry\n request of X servers (bnc#915810).", "edition": 16, "published": "2015-02-23T00:00:00", "title": "openSUSE Security Update : tigervnc (openSUSE-2015-170)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0255"], "modified": "2015-02-23T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:tigervnc-debugsource", "p-cpe:/a:novell:opensuse:xorg-x11-Xvnc", "p-cpe:/a:novell:opensuse:tigervnc-debuginfo", "p-cpe:/a:novell:opensuse:xorg-x11-Xvnc-debuginfo", "p-cpe:/a:novell:opensuse:tigervnc", "cpe:/o:novell:opensuse:13.2"], "id": "OPENSUSE-2015-170.NASL", "href": "https://www.tenable.com/plugins/nessus/81434", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2015-170.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(81434);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/04\");\n\n script_cve_id(\"CVE-2015-0255\");\n\n script_name(english:\"openSUSE Security Update : tigervnc (openSUSE-2015-170)\");\n script_summary(english:\"Check for the openSUSE-2015-170 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"tigervnc was updated to fix one security 
issue.\n\nThis security issue was fixed :\n\n - CVE-2015-0255: Information leak in the XkbSetGeometry\n request of X servers (bnc#915810).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=915810\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected tigervnc packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tigervnc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tigervnc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tigervnc-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xorg-x11-Xvnc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xorg-x11-Xvnc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/02/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/02/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.2)$\") 
audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.2\", reference:\"tigervnc-1.4.1-6.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"tigervnc-debuginfo-1.4.1-6.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"tigervnc-debugsource-1.4.1-6.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"xorg-x11-Xvnc-1.4.1-6.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"xorg-x11-Xvnc-debuginfo-1.4.1-6.26.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tigervnc / tigervnc-debuginfo / tigervnc-debugsource / etc\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2021-01-12T09:48:58", "description": "Olivier Fourdan discovered that missing input validation in the\nXserver's handling of XkbSetGeometry requests may result in an\ninformation leak or denial of service.", "edition": 16, "published": "2015-02-12T00:00:00", "title": "Debian DSA-3160-1 : xorg-server - security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0255"], "modified": "2015-02-12T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:xorg-server", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DSA-3160.NASL", "href": "https://www.tenable.com/plugins/nessus/81301", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from 
Debian Security Advisory DSA-3160. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(81301);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-0255\");\n script_bugtraq_id(72578);\n script_xref(name:\"DSA\", value:\"3160\");\n\n script_name(english:\"Debian DSA-3160-1 : xorg-server - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Olivier Fourdan discovered that missing input validation in the\nXserver's handling of XkbSetGeometry requests may result in an\ninformation leak or denial of service.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/xorg-server\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2015/dsa-3160\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the xorg-server packages.\n\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 2:1.12.4-6+deb7u6.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xorg-server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/02/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/02/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"xdmx\", reference:\"2:1.12.4-6+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"xdmx-tools\", reference:\"2:1.12.4-6+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"xnest\", reference:\"2:1.12.4-6+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"xserver-common\", reference:\"2:1.12.4-6+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"xserver-xephyr\", reference:\"2:1.12.4-6+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"xserver-xfbdev\", reference:\"2:1.12.4-6+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"xserver-xorg-core\", reference:\"2:1.12.4-6+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"xserver-xorg-core-dbg\", reference:\"2:1.12.4-6+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"xserver-xorg-core-udeb\", reference:\"2:1.12.4-6+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"xserver-xorg-dev\", reference:\"2:1.12.4-6+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"xvfb\", 
reference:\"2:1.12.4-6+deb7u6\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2021-01-17T12:49:53", "description": "From Red Hat Security Advisory 2015:0797 :\n\nUpdated xorg-x11-server packages that fix one security issue are now\navailable for Red Hat Enterprise Linux 6 and 7.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nX.Org is an open source implementation of the X Window System. It\nprovides the basic low-level functionality that full-fledged graphical\nuser interfaces are designed upon.\n\nA buffer over-read flaw was found in the way the X.Org server handled\nXkbGetGeometry requests. A malicious, authorized client could use this\nflaw to disclose portions of the X.Org server memory, or cause the\nX.Org server to crash using a specially crafted XkbGetGeometry\nrequest. 
(CVE-2015-0255)\n\nThis issue was discovered by Olivier Fourdan of Red Hat.\n\nAll xorg-x11-server users are advised to upgrade to these updated\npackages, which contain a backported patch to correct this issue.", "edition": 24, "published": "2015-04-10T00:00:00", "title": "Oracle Linux 6 / 7 : xorg-x11-server (ELSA-2015-0797)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0255"], "modified": "2015-04-10T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:xorg-x11-server-Xdmx", "p-cpe:/a:oracle:linux:xorg-x11-server-common", "p-cpe:/a:oracle:linux:xorg-x11-server-Xnest", "p-cpe:/a:oracle:linux:xorg-x11-server-Xorg", "p-cpe:/a:oracle:linux:xorg-x11-server-Xvfb", "p-cpe:/a:oracle:linux:xorg-x11-server-source", "p-cpe:/a:oracle:linux:xorg-x11-server-Xephyr", "p-cpe:/a:oracle:linux:xorg-x11-server-devel", "cpe:/o:oracle:linux:7"], "id": "ORACLELINUX_ELSA-2015-0797.NASL", "href": "https://www.tenable.com/plugins/nessus/82690", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2015:0797 and \n# Oracle Linux Security Advisory ELSA-2015-0797 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(82690);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2015-0255\");\n script_xref(name:\"RHSA\", value:\"2015:0797\");\n\n script_name(english:\"Oracle Linux 6 / 7 : xorg-x11-server (ELSA-2015-0797)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2015:0797 :\n\nUpdated xorg-x11-server 
packages that fix one security issue are now\navailable for Red Hat Enterprise Linux 6 and 7.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nX.Org is an open source implementation of the X Window System. It\nprovides the basic low-level functionality that full-fledged graphical\nuser interfaces are designed upon.\n\nA buffer over-read flaw was found in the way the X.Org server handled\nXkbGetGeometry requests. A malicious, authorized client could use this\nflaw to disclose portions of the X.Org server memory, or cause the\nX.Org server to crash using a specially crafted XkbGetGeometry\nrequest. (CVE-2015-0255)\n\nThis issue was discovered by Olivier Fourdan of Red Hat.\n\nAll xorg-x11-server users are advised to upgrade to these updated\npackages, which contain a backported patch to correct this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2015-April/004989.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2015-April/004990.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected xorg-x11-server packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:xorg-x11-server-Xdmx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:xorg-x11-server-Xephyr\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:xorg-x11-server-Xnest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:xorg-x11-server-Xorg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:xorg-x11-server-Xvfb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:xorg-x11-server-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:xorg-x11-server-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:xorg-x11-server-source\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/02/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/04/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6 / 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"xorg-x11-server-Xdmx-1.15.0-26.el6_6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"xorg-x11-server-Xephyr-1.15.0-26.el6_6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"xorg-x11-server-Xnest-1.15.0-26.el6_6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"xorg-x11-server-Xorg-1.15.0-26.el6_6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"xorg-x11-server-Xvfb-1.15.0-26.el6_6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"xorg-x11-server-common-1.15.0-26.el6_6\")) flag++;\nif (rpm_check(release:\"EL6\", 
reference:\"xorg-x11-server-devel-1.15.0-26.el6_6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"xorg-x11-server-source-1.15.0-26.el6_6\")) flag++;\n\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"xorg-x11-server-Xdmx-1.15.0-33.el7_1\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"xorg-x11-server-Xephyr-1.15.0-33.el7_1\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"xorg-x11-server-Xnest-1.15.0-33.el7_1\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"xorg-x11-server-Xorg-1.15.0-33.el7_1\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"xorg-x11-server-Xvfb-1.15.0-33.el7_1\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"xorg-x11-server-common-1.15.0-33.el7_1\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"xorg-x11-server-devel-1.15.0-33.el7_1\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"xorg-x11-server-source-1.15.0-33.el7_1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xorg-x11-server-Xdmx / xorg-x11-server-Xephyr / etc\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2021-01-17T13:48:45", "description": "A buffer over-read flaw was found in the way the X.Org server handled\nXkbGetGeometry requests. A malicious, authorized client could use this\nflaw to disclose portions of the X.Org server memory, or cause the\nX.Org server to crash using a specially crafted XkbGetGeometry\nrequest. 
(CVE-2015-0255)", "edition": 14, "published": "2015-04-14T00:00:00", "title": "Scientific Linux Security Update : xorg-x11-server on SL6.x, SL7.x i386/x86_64 (20150410)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0255"], "modified": "2015-04-14T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:xorg-x11-server-Xnest", "p-cpe:/a:fermilab:scientific_linux:xorg-x11-server-source", "p-cpe:/a:fermilab:scientific_linux:xorg-x11-server-debuginfo", "p-cpe:/a:fermilab:scientific_linux:xorg-x11-server-Xephyr", "p-cpe:/a:fermilab:scientific_linux:xorg-x11-server-devel", "p-cpe:/a:fermilab:scientific_linux:xorg-x11-server-Xvfb", "x-cpe:/o:fermilab:scientific_linux", "p-cpe:/a:fermilab:scientific_linux:xorg-x11-server-Xdmx", "p-cpe:/a:fermilab:scientific_linux:xorg-x11-server-Xorg", "p-cpe:/a:fermilab:scientific_linux:xorg-x11-server-common"], "id": "SL_20150410_XORG_X11_SERVER_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/82759", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(82759);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2015-0255\");\n\n script_name(english:\"Scientific Linux Security Update : xorg-x11-server on SL6.x, SL7.x i386/x86_64 (20150410)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A buffer over-read flaw was found in the way the X.Org server handled\nXkbGetGeometry requests. 
A malicious, authorized client could use this\nflaw to disclose portions of the X.Org server memory, or cause the\nX.Org server to crash using a specially crafted XkbGetGeometry\nrequest. (CVE-2015-0255)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1504&L=scientific-linux-errata&T=0&P=973\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ac5e46c7\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:xorg-x11-server-Xdmx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:xorg-x11-server-Xephyr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:xorg-x11-server-Xnest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:xorg-x11-server-Xorg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:xorg-x11-server-Xvfb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:xorg-x11-server-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:xorg-x11-server-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:xorg-x11-server-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:xorg-x11-server-source\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/02/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/04/14\");\n 
script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"xorg-x11-server-Xdmx-1.15.0-26.sl6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"xorg-x11-server-Xephyr-1.15.0-26.sl6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"xorg-x11-server-Xnest-1.15.0-26.sl6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"xorg-x11-server-Xorg-1.15.0-26.sl6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"xorg-x11-server-Xvfb-1.15.0-26.sl6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"xorg-x11-server-common-1.15.0-26.sl6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"xorg-x11-server-debuginfo-1.15.0-26.sl6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"xorg-x11-server-devel-1.15.0-26.sl6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"xorg-x11-server-source-1.15.0-26.sl6\")) flag++;\n\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"xorg-x11-server-Xdmx-1.15.0-33.el7_1\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"xorg-x11-server-Xephyr-1.15.0-33.el7_1\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"xorg-x11-server-Xnest-1.15.0-33.el7_1\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"xorg-x11-server-Xorg-1.15.0-33.el7_1\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"xorg-x11-server-Xvfb-1.15.0-33.el7_1\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"xorg-x11-server-common-1.15.0-33.el7_1\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", 
reference:\"xorg-x11-server-debuginfo-1.15.0-33.el7_1\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"xorg-x11-server-devel-1.15.0-33.el7_1\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"xorg-x11-server-source-1.15.0-33.el7_1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xorg-x11-server-Xdmx / xorg-x11-server-Xephyr / etc\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}], "redhat": [{"lastseen": "2019-08-13T18:44:40", "bulletinFamily": "unix", "cvelist": ["CVE-2015-0255"], "description": "X.Org is an open source implementation of the X Window System. It provides\nthe basic low-level functionality that full-fledged graphical user\ninterfaces are designed upon.\n\nA buffer over-read flaw was found in the way the X.Org server handled\nXkbGetGeometry requests. A malicious, authorized client could use this flaw\nto disclose portions of the X.Org server memory, or cause the X.Org server\nto crash using a specially crafted XkbGetGeometry request. 
(CVE-2015-0255)\n\nThis issue was discovered by Olivier Fourdan of Red Hat.\n\nAll xorg-x11-server users are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue.\n", "modified": "2018-06-06T20:24:11", "published": "2015-04-10T04:00:00", "id": "RHSA-2015:0797", "href": "https://access.redhat.com/errata/RHSA-2015:0797", "type": "redhat", "title": "(RHSA-2015:0797) Moderate: xorg-x11-server security update", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}], "freebsd": [{"lastseen": "2019-05-29T18:33:20", "bulletinFamily": "unix", "cvelist": ["CVE-2015-0255"], "description": "\nPeter Hutterer reports:\n\nOlivier Fourdan from Red Hat has discovered a protocol handling\n\t issue in the way the X server code base handles the XkbSetGeometry\n\t request.\nThe issue stems from the server trusting the client to send valid\n\t string lengths in the request data. A malicious client with string\n\t lengths exceeding the request length can cause the server to copy\n\t adjacent memory data into the XKB structs. This data is then\n\t available to the client via the XkbGetGeometry request. 
The\n\t data length is at least up to 64k, it is possible to obtain\n\t more data by chaining strings, each string length is then\n\t determined by whatever happens to be in that 16-bit region of\n\t memory.\nA similarly crafted request can likely cause the X server\n\t to crash.\n\n", "edition": 4, "modified": "2015-02-10T00:00:00", "published": "2015-02-10T00:00:00", "id": "54A69CF7-B2EF-11E4-B1F1-BCAEC565249C", "href": "https://vuxml.freebsd.org/freebsd/54a69cf7-b2ef-11e4-b1f1-bcaec565249c.html", "title": "xorg-server -- Information leak in the XkbSetGeometry request of X servers.", "type": "freebsd", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:36:55", "bulletinFamily": "unix", "cvelist": ["CVE-2015-0255"], "description": "[1.15.0-26]\n- CVE fixes for: CVE-2015-0255", "edition": 4, "modified": "2015-04-09T00:00:00", "published": "2015-04-09T00:00:00", "id": "ELSA-2015-0797", "href": "http://linux.oracle.com/errata/ELSA-2015-0797.html", "title": "xorg-x11-server security update", "type": "oraclelinux", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}], "amazon": [{"lastseen": "2020-11-10T12:36:26", "bulletinFamily": "unix", "cvelist": ["CVE-2015-0255"], "description": "**Issue Overview:**\n\nA buffer over-read flaw was found in the way the X.Org server handled XkbGetGeometry requests. A malicious, authorized client could use this flaw to disclose portions of the X.Org server memory, or cause the X.Org server to crash using a specially crafted XkbGetGeometry request. 
([CVE-2015-0255](<https://access.redhat.com/security/cve/CVE-2015-0255>))\n\n \n**Affected Packages:** \n\n\nxorg-x11-server\n\n \n**Issue Correction:** \nRun _yum update xorg-x11-server_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n xorg-x11-server-Xnest-1.15.0-26.41.amzn1.i686 \n xorg-x11-server-Xorg-1.15.0-26.41.amzn1.i686 \n xorg-x11-server-devel-1.15.0-26.41.amzn1.i686 \n xorg-x11-server-Xephyr-1.15.0-26.41.amzn1.i686 \n xorg-x11-server-Xvfb-1.15.0-26.41.amzn1.i686 \n xorg-x11-server-Xdmx-1.15.0-26.41.amzn1.i686 \n xorg-x11-server-common-1.15.0-26.41.amzn1.i686 \n xorg-x11-server-debuginfo-1.15.0-26.41.amzn1.i686 \n \n noarch: \n xorg-x11-server-source-1.15.0-26.41.amzn1.noarch \n \n src: \n xorg-x11-server-1.15.0-26.41.amzn1.src \n \n x86_64: \n xorg-x11-server-Xorg-1.15.0-26.41.amzn1.x86_64 \n xorg-x11-server-Xvfb-1.15.0-26.41.amzn1.x86_64 \n xorg-x11-server-Xdmx-1.15.0-26.41.amzn1.x86_64 \n xorg-x11-server-debuginfo-1.15.0-26.41.amzn1.x86_64 \n xorg-x11-server-devel-1.15.0-26.41.amzn1.x86_64 \n xorg-x11-server-Xephyr-1.15.0-26.41.amzn1.x86_64 \n xorg-x11-server-common-1.15.0-26.41.amzn1.x86_64 \n xorg-x11-server-Xnest-1.15.0-26.41.amzn1.x86_64 \n \n \n", "edition": 4, "modified": "2015-05-05T15:55:00", "published": "2015-05-05T15:55:00", "id": "ALAS-2015-519", "href": "https://alas.aws.amazon.com/ALAS-2015-519.html", "title": "Medium: xorg-x11-server", "type": "amazon", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}], "archlinux": [{"lastseen": "2016-09-02T18:44:37", "bulletinFamily": "unix", "cvelist": ["CVE-2015-0255", "CVE-2015-0245"], "description": "Olivier Fourdan from Red Hat has discovered a protocol handling issue in\nthe way the X server code base handles the XkbSetGeometry request.\n\nThe issue stems from the server trusting the client to send valid string\nlengths in the request data. 
A malicious client with string lengths\nexceeding the request length can cause the server to copy adjacent\nmemory data into the XKB structs. This data is then available to the\nclient via the XkbGetGeometry request.\nThe data length is at least up to 64k, it is possible to obtain more\ndata by chaining strings, each string length is then determined by\nwhatever happens to be in that 16-bit region of memory.\n\nA similarly crafted request can likely cause the X server to crash.", "modified": "2015-02-10T00:00:00", "published": "2015-02-10T00:00:00", "id": "ASA-201502-11", "href": "https://lists.archlinux.org/pipermail/arch-security/2015-February/000234.html", "type": "archlinux", "title": "xorg-server: information leak and denial of service", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}], "ubuntu": [{"lastseen": "2020-07-02T11:34:32", "bulletinFamily": "unix", "cvelist": ["CVE-2013-6424", "CVE-2015-0255"], "description": "Olivier Fourdan discovered that the X.Org X server incorrectly handled \nXkbSetGeometry requests resulting in an information leak. An attacker able \nto connect to an X server, either locally or remotely, could use this issue \nto possibly obtain sensitive information. (CVE-2015-0255)\n\nIt was discovered that the X.Org X server incorrectly handled certain \ntrapezoids. An attacker able to connect to an X server, either locally or \nremotely, could use this issue to possibly crash the server. This issue \nonly affected Ubuntu 12.04 LTS. 
(CVE-2013-6424)", "edition": 5, "modified": "2015-02-17T00:00:00", "published": "2015-02-17T00:00:00", "id": "USN-2500-1", "href": "https://ubuntu.com/security/notices/USN-2500-1", "title": "X.Org X server vulnerabilities", "type": "ubuntu", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}], "kaspersky": [{"lastseen": "2020-09-02T11:51:44", "bulletinFamily": "info", "cvelist": ["CVE-2015-1803", "CVE-2014-0227", "CVE-2015-0286", "CVE-2014-0230", "CVE-2015-2581", "CVE-2014-3571", "CVE-2010-1324", "CVE-2015-2594", "CVE-2015-0255", "CVE-2015-4727", "CVE-2014-8102"], "description": "### *Detect date*:\n07/14/2015\n\n### *Severity*:\nCritical\n\n### *Description*:\nUnspecified vulnerabilities were found in Oracle VM VirtualBox. By exploiting these vulnerabilities, malicious users can affect integrity, cause denial of service and obtain sensitive information. These vulnerabilities can be exploited locally via unknown vectors.\n\n### *Affected products*:\nOracle VM VirtualBox 4.0 versions earlier than 4.0.32 \nOracle VM VirtualBox 4.1 versions earlier than 4.1.40 \nOracle VM VirtualBox 4.2 versions earlier than 4.2.32 \nOracle VM VirtualBox 4.3 versions earlier than 4.3.30\n\n### *Solution*:\nUpdate to the latest version \n[Get VirtualBox](<https://www.virtualbox.org/wiki/Downloads>)\n\n### *Original advisories*:\n[Oracle bulletin](<http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixOVIR>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Oracle VirtualBox](<https://threats.kaspersky.com/en/product/Oracle-VirtualBox/>)\n\n### *CVE-IDS*:\n[CVE-2014-3571](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3571>) 5.0 Critical \n[CVE-2015-1803](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1803>) 8.5 Critical \n[CVE-2015-0286](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0286>) 5.0 Critical \n[CVE-2015-0255](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0255>) 6.4 High 
\n[CVE-2014-0227](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0227>) 6.4 High \n[CVE-2010-1324](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1324>) 4.3 Warning \n[CVE-2014-8102](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8102>) 6.5 High \n[CVE-2014-0230](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0230>) 7.8 Critical \n[CVE-2015-4727](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4727>) 7.5 Critical \n[CVE-2015-2581](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2581>) 6.4 High \n[CVE-2015-2594](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2594>) 6.6 High", "edition": 41, "modified": "2020-05-22T00:00:00", "published": "2015-07-14T00:00:00", "id": "KLA10630", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10630", "title": "KLA10630 Multiple vulnerabilities in Oracle VM VirtualBox", "type": "kaspersky", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:00", "bulletinFamily": "unix", "cvelist": ["CVE-2014-8098", "CVE-2014-8092", "CVE-2014-8103", "CVE-2014-8100", "CVE-2014-8097", "CVE-2014-8101", "CVE-2014-8091", "CVE-2015-0255", "CVE-2014-8095", "CVE-2014-8102", "CVE-2014-8096", "CVE-2014-8099", "CVE-2014-8093", "CVE-2014-8094"], "description": "### Background\n\nThe X Window System is a graphical windowing system based on a client/server model. \n\n### Description\n\nMultiple vulnerabilities have been discovered in X.Org X Server. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could possibly execute arbitrary code with the privileges of the process or cause a Denial of Service condition. 
\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll X.Org X Server users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=x11-base/xorg-server-1.12.4-r4\"", "edition": 1, "modified": "2015-04-17T00:00:00", "published": "2015-04-17T00:00:00", "id": "GLSA-201504-06", "href": "https://security.gentoo.org/glsa/201504-06", "type": "gentoo", "title": "X.Org X Server: Multiple vulnerabilities", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "fedora": [{"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2011-2895", "CVE-2011-4028", "CVE-2013-4396", "CVE-2013-6462", "CVE-2014-0209", "CVE-2014-0210", "CVE-2014-0211", "CVE-2014-8092", "CVE-2014-8093", "CVE-2014-8095", "CVE-2014-8096", "CVE-2014-8097", "CVE-2014-8098", "CVE-2014-8099", "CVE-2014-8100", "CVE-2014-8101", "CVE-2014-8102", "CVE-2015-0255"], "description": "NX is a software suite which implements very efficient compression of the X11 protocol. This increases performance when using X applications over a network, especially a slow one. This package provides the core nx-X11 libraries customized for nxagent/x2goagent. 
", "modified": "2015-03-26T21:29:40", "published": "2015-03-26T21:29:40", "id": "FEDORA:A5A9D608A4BC", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: nx-libs-3.5.0.29-1.fc20", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2011-2895", "CVE-2011-4028", "CVE-2013-4396", "CVE-2013-6462", "CVE-2014-0209", "CVE-2014-0210", "CVE-2014-0211", "CVE-2014-8092", "CVE-2014-8093", "CVE-2014-8095", "CVE-2014-8096", "CVE-2014-8097", "CVE-2014-8098", "CVE-2014-8099", "CVE-2014-8100", "CVE-2014-8101", "CVE-2014-8102", "CVE-2015-0255"], "description": "NX is a software suite which implements very efficient compression of the X11 protocol. This increases performance when using X applications over a network, especially a slow one. This package provides the core nx-X11 libraries customized for nxagent/x2goagent. ", "modified": "2015-03-26T21:51:39", "published": "2015-03-26T21:51:39", "id": "FEDORA:A13DB60C7030", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 21 Update: nx-libs-3.5.0.29-1.fc21", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2011-2895", "CVE-2011-4028", "CVE-2013-4396", "CVE-2013-6462", "CVE-2014-0209", "CVE-2014-0210", "CVE-2014-0211", "CVE-2014-8092", "CVE-2014-8093", "CVE-2014-8095", "CVE-2014-8096", "CVE-2014-8097", "CVE-2014-8098", "CVE-2014-8099", "CVE-2014-8100", "CVE-2014-8101", "CVE-2014-8102", "CVE-2015-0255"], "description": "NX is a software suite which implements very efficient compression of the X11 protocol. This increases performance when using X applications over a network, especially a slow one. This package provides the core nx-X11 libraries customized for nxagent/x2goagent. 
", "modified": "2015-03-21T04:53:26", "published": "2015-03-21T04:53:26", "id": "FEDORA:593706093B2E", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 22 Update: nx-libs-3.5.0.29-1.fc22", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "oracle": [{"lastseen": "2019-05-29T18:20:56", "bulletinFamily": "software", "cvelist": ["CVE-2015-1926", "CVE-2015-1802", "CVE-2015-4000", "CVE-2015-2591", "CVE-2015-0443", "CVE-2015-1803", "CVE-2015-4771", "CVE-2015-2627", "CVE-2015-2615", "CVE-2014-3566", "CVE-2015-4764", "CVE-2015-4774", "CVE-2015-2601", "CVE-2015-4738", "CVE-2014-8098", "CVE-2015-0235", "CVE-2015-4729", "CVE-2015-1804", "CVE-2015-4751", "CVE-2015-0444", "CVE-2015-0445", "CVE-2015-4749", "CVE-2014-8092", "CVE-2015-4758", "CVE-2014-7809", "CVE-2015-2643", "CVE-2015-4770", "CVE-2015-4747", "CVE-2015-2661", "CVE-2015-4778", "CVE-2015-2632", "CVE-2015-2625", "CVE-2015-2617", "CVE-2015-4784", "CVE-2015-2664", "CVE-2015-2605", "CVE-2015-2597", "CVE-2015-4785", "CVE-2015-4732", "CVE-2015-2653", "CVE-2014-3572", "CVE-2014-3613", "CVE-2015-0206", "CVE-2014-0227", "CVE-2015-2595", "CVE-2015-4782", "CVE-2015-0286", "CVE-2015-3244", "CVE-2015-2648", "CVE-2015-2657", "CVE-2014-0230", "CVE-2014-8100", "CVE-2015-4789", "CVE-2015-2581", "CVE-2015-2613", "CVE-2015-2658", "CVE-2014-3571", "CVE-2015-4736", "CVE-2015-2599", "CVE-2013-2251", "CVE-2013-5704", "CVE-2015-4739", "CVE-2015-0288", "CVE-2015-4790", "CVE-2013-6422", "CVE-2015-2589", "CVE-2010-1324", "CVE-2015-2623", "CVE-2015-2631", "CVE-2010-4020", "CVE-2015-2596", "CVE-2015-4763", "CVE-2015-0285", "CVE-2015-4783", "CVE-2015-2620", "CVE-2015-2650", "CVE-2011-3389", "CVE-2015-2654", "CVE-2015-0207", "CVE-2015-2607", "CVE-2015-2639", "CVE-2015-2611", "CVE-2015-2645", "CVE-2015-2634", "CVE-2015-2594", "CVE-2014-8275", "CVE-2015-3456", "CVE-2015-0467", "CVE-2015-2584", "CVE-2015-0208", "CVE-2015-2808", "CVE-2013-0249", "CVE-2014-3570", "CVE-2015-2590", "CVE-2015-2656", "CVE-2015-2626", 
"CVE-2015-2628", "CVE-2015-4768", "CVE-2015-4761", "CVE-2015-4745", "CVE-2015-4750", "CVE-2014-0139", "CVE-2015-2635", "CVE-2015-4756", "CVE-2015-2647", "CVE-2014-3707", "CVE-2015-0293", "CVE-2015-2600", "CVE-2015-2580", "CVE-2014-8097", "CVE-2014-8101", "CVE-2015-2640", "CVE-2015-4733", "CVE-2015-2646", "CVE-2014-1568", "CVE-2015-2651", "CVE-2015-2603", "CVE-2014-8091", "CVE-2015-4765", "CVE-2015-2660", "CVE-2015-2604", "CVE-2015-0255", "CVE-2015-4772", "CVE-2015-2662", "CVE-2015-4735", "CVE-2015-0468", "CVE-2015-4779", "CVE-2015-0209", "CVE-2015-2585", "CVE-2013-2186", "CVE-2014-3567", "CVE-2015-2614", "CVE-2014-0015", "CVE-2015-4737", "CVE-2015-4776", "CVE-2015-4757", "CVE-2015-4728", "CVE-2015-2637", "CVE-2015-2606", "CVE-2015-4769", "CVE-2015-0204", "CVE-2015-2621", "CVE-2015-4786", "CVE-2015-4787", "CVE-2015-2638", "CVE-2015-4740", "CVE-2015-2619", "CVE-2015-4731", "CVE-2014-8095", "CVE-2015-4727", "CVE-2015-4741", "CVE-2015-2636", "CVE-2015-2659", "CVE-2015-2655", "CVE-2015-4775", "CVE-2015-4773", "CVE-2014-8102", "CVE-2015-0291", "CVE-2015-4746", "CVE-2015-2629", "CVE-2014-8096", "CVE-2015-4788", "CVE-2015-4755", "CVE-2015-2602", "CVE-2015-4748", "CVE-2015-0287", "CVE-2015-2622", "CVE-2015-2610", "CVE-2012-0036", "CVE-2013-2174", "CVE-2015-2663", "CVE-2015-4742", "CVE-2014-8093", "CVE-2015-0289", "CVE-2015-2652", "CVE-2015-4759", "CVE-2015-0446", "CVE-2015-0292", "CVE-2015-2582", "CVE-2015-4780", "CVE-2014-1569", "CVE-2015-4781", "CVE-2015-2618", "CVE-2015-2641", "CVE-2015-2593", "CVE-2015-4744", "CVE-2015-2598", "CVE-2014-0138", "CVE-2015-2587", "CVE-2015-2630", "CVE-2015-2592", "CVE-2015-4767", "CVE-2015-0290", "CVE-2015-2616", "CVE-2015-0205", "CVE-2015-2624", "CVE-2015-2609", "CVE-2015-4777", "CVE-2010-1323", "CVE-2015-1787", "CVE-2015-4754", "CVE-2014-3569", "CVE-2015-2588", "CVE-2015-4760", "CVE-2015-2583", "CVE-2015-4743", "CVE-2013-4545", "CVE-2015-4752", "CVE-2015-2586", "CVE-2015-4753", "CVE-2015-2649", "CVE-2015-2612", "CVE-2015-2644"], 
"description": "A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security fixes. Please refer to:\n\n \n\n\n[Critical Patch Updates and Security Alerts](<http://www.oracle.com/technetwork/topics/security/alerts-086861.html>) for information about Oracle Security Advisories.\n\n \n\n\n**Oracle continues to periodically receive reports of malicious exploitation of vulnerabilities for which Oracle has already released fixes. In some instances, it has been reported that malicious attackers have been successful because customers had failed to apply available Oracle patches. Oracle therefore _strongly_ recommends that customers remain on actively-supported versions and apply Critical Patch Update fixes _without_ delay.**\n\n \n\n\nThis Critical Patch Update contains 193 new security fixes across the product families listed below. Please note that a blog entry summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at <https://blogs.oracle.com/security>.\n\n \n\n\n** Please note that on May 15, 2015, Oracle released [Security Alert for CVE-2015-3456 (QEMU \"Venom\")](<http://www.oracle.com/technetwork/topics/security/alert-cve-2015-3456-2542656.html>). Customers of affected Oracle products are strongly advised to apply the fixes and/or configuration steps that were announced for CVE-2015-3456. **\n\n \n\n\nThis Critical Patch Update advisory is also available in an XML format that conforms to the Common Vulnerability Reporting Format (CVRF) version 1.1. 
More information about Oracle's use of CVRF is available at: <http://www.oracle.com/technetwork/topics/security/cpufaq-098434.html#CVRF>.\n\n \n\n", "modified": "2016-07-07T00:00:00", "published": "2015-07-14T00:00:00", "id": "ORACLE:CPUJUL2015-2367936", "href": "", "type": "oracle", "title": "Oracle Critical Patch Update - July 2015", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-10-04T21:16:01", "bulletinFamily": "software", "cvelist": ["CVE-2010-1323", "CVE-2010-1324", "CVE-2010-4020", "CVE-2011-3389", "CVE-2012-0036", "CVE-2013-0249", "CVE-2013-2174", "CVE-2013-2186", "CVE-2013-2251", "CVE-2013-4545", "CVE-2013-5704", "CVE-2013-6422", "CVE-2014-0015", "CVE-2014-0138", "CVE-2014-0139", "CVE-2014-0227", "CVE-2014-0230", "CVE-2014-1568", "CVE-2014-1569", "CVE-2014-3566", "CVE-2014-3567", "CVE-2014-3569", "CVE-2014-3570", "CVE-2014-3571", "CVE-2014-3572", "CVE-2014-3613", "CVE-2014-3707", "CVE-2014-7809", "CVE-2014-8091", "CVE-2014-8092", "CVE-2014-8093", "CVE-2014-8095", "CVE-2014-8096", "CVE-2014-8097", "CVE-2014-8098", "CVE-2014-8100", "CVE-2014-8101", "CVE-2014-8102", "CVE-2014-8275", "CVE-2015-0204", "CVE-2015-0205", "CVE-2015-0206", "CVE-2015-0207", "CVE-2015-0208", "CVE-2015-0209", "CVE-2015-0235", "CVE-2015-0255", "CVE-2015-0285", "CVE-2015-0286", "CVE-2015-0287", "CVE-2015-0288", "CVE-2015-0289", "CVE-2015-0290", "CVE-2015-0291", "CVE-2015-0292", "CVE-2015-0293", "CVE-2015-0443", "CVE-2015-0444", "CVE-2015-0445", "CVE-2015-0446", "CVE-2015-0467", "CVE-2015-0468", "CVE-2015-1787", "CVE-2015-1802", "CVE-2015-1803", "CVE-2015-1804", "CVE-2015-1926", "CVE-2015-2580", "CVE-2015-2581", "CVE-2015-2582", "CVE-2015-2583", "CVE-2015-2584", "CVE-2015-2585", "CVE-2015-2586", "CVE-2015-2587", "CVE-2015-2588", "CVE-2015-2589", "CVE-2015-2590", "CVE-2015-2591", "CVE-2015-2592", "CVE-2015-2593", "CVE-2015-2594", "CVE-2015-2595", "CVE-2015-2596", "CVE-2015-2597", "CVE-2015-2598", "CVE-2015-2599", "CVE-2015-2600", "CVE-2015-2601", 
"CVE-2015-2602", "CVE-2015-2603", "CVE-2015-2604", "CVE-2015-2605", "CVE-2015-2606", "CVE-2015-2607", "CVE-2015-2609", "CVE-2015-2610", "CVE-2015-2611", "CVE-2015-2612", "CVE-2015-2613", "CVE-2015-2614", "CVE-2015-2615", "CVE-2015-2616", "CVE-2015-2617", "CVE-2015-2618", "CVE-2015-2619", "CVE-2015-2620", "CVE-2015-2621", "CVE-2015-2622", "CVE-2015-2623", "CVE-2015-2624", "CVE-2015-2625", "CVE-2015-2626", "CVE-2015-2627", "CVE-2015-2628", "CVE-2015-2629", "CVE-2015-2630", "CVE-2015-2631", "CVE-2015-2632", "CVE-2015-2634", "CVE-2015-2635", "CVE-2015-2636", "CVE-2015-2637", "CVE-2015-2638", "CVE-2015-2639", "CVE-2015-2640", "CVE-2015-2641", "CVE-2015-2643", "CVE-2015-2644", "CVE-2015-2645", "CVE-2015-2646", "CVE-2015-2647", "CVE-2015-2648", "CVE-2015-2649", "CVE-2015-2650", "CVE-2015-2651", "CVE-2015-2652", "CVE-2015-2653", "CVE-2015-2654", "CVE-2015-2655", "CVE-2015-2656", "CVE-2015-2657", "CVE-2015-2658", "CVE-2015-2659", "CVE-2015-2660", "CVE-2015-2661", "CVE-2015-2662", "CVE-2015-2663", "CVE-2015-2664", "CVE-2015-2808", "CVE-2015-3244", "CVE-2015-3456", "CVE-2015-4000", "CVE-2015-4727", "CVE-2015-4728", "CVE-2015-4729", "CVE-2015-4731", "CVE-2015-4732", "CVE-2015-4733", "CVE-2015-4735", "CVE-2015-4736", "CVE-2015-4737", "CVE-2015-4738", "CVE-2015-4739", "CVE-2015-4740", "CVE-2015-4741", "CVE-2015-4742", "CVE-2015-4743", "CVE-2015-4744", "CVE-2015-4745", "CVE-2015-4746", "CVE-2015-4747", "CVE-2015-4748", "CVE-2015-4749", "CVE-2015-4750", "CVE-2015-4751", "CVE-2015-4752", "CVE-2015-4753", "CVE-2015-4754", "CVE-2015-4755", "CVE-2015-4756", "CVE-2015-4757", "CVE-2015-4758", "CVE-2015-4759", "CVE-2015-4760", "CVE-2015-4761", "CVE-2015-4763", "CVE-2015-4764", "CVE-2015-4765", "CVE-2015-4767", "CVE-2015-4768", "CVE-2015-4769", "CVE-2015-4770", "CVE-2015-4771", "CVE-2015-4772", "CVE-2015-4773", "CVE-2015-4774", "CVE-2015-4775", "CVE-2015-4776", "CVE-2015-4777", "CVE-2015-4778", "CVE-2015-4779", "CVE-2015-4780", "CVE-2015-4781", "CVE-2015-4782", "CVE-2015-4783", 
"CVE-2015-4784", "CVE-2015-4785", "CVE-2015-4786", "CVE-2015-4787", "CVE-2015-4788", "CVE-2015-4789", "CVE-2015-4790"], "description": "A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security fixes. Please refer to: Critical Patch Updates and Security Alerts for information about Oracle Security Advisories.\n\n**Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released fixes. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore _strongly_ recommends that customers remain on actively-supported versions and apply Critical Patch Update fixes _without_ delay.**\n\nThis Critical Patch Update contains 193 new security fixes across the product families listed below. Please note that a blog entry summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at [https://blogs.oracle.com/security](<https://blogs.oracle.com/security/>).\n\n**Please note that on May 15, 2015, Oracle released Security Alert for CVE-2015-3456 (QEMU \"Venom\"). Customers of affected Oracle products are strongly advised to apply the fixes and/or configuration steps that were announced for CVE-2015-3456.**\n\nThis Critical Patch Update advisory is also available in an XML format that conforms to the Common Vulnerability Reporting Format (CVRF) version 1.1. 
More information about Oracle's use of CVRF is available at: https://www.oracle.com/security-alerts/cpufaq.html#CVRF.\n", "modified": "2016-07-07T00:00:00", "published": "2015-07-14T00:00:00", "id": "ORACLE:CPUJUL2015", "href": "", "type": "oracle", "title": "Oracle Critical Patch Update Advisory - July 2015", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}