Security update for xorg-x11-server

Announcement ID: SUSE-SU-2015:0047-1
Rating: moderate
References:
Cross-References:
CVSS scores:
  • CVE-2014-8092 ( SUSE ): 6.8 CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
Affected Products:
  • SUSE Linux Enterprise Desktop 12
  • SUSE Linux Enterprise Server 12
  • SUSE Linux Enterprise Server for SAP Applications 12
  • SUSE Linux Enterprise Software Development Kit 12

An update that solves 13 vulnerabilities can now be installed.

Description:

This X.Org update fixes the following security issues:

  • denial of service due to unchecked malloc in client authentication (CVE-2014-8091)
  • integer overflows calculating memory needs for requests: CVE-2014-8092: X11 core protocol requests CVE-2014-8093: GLX extension CVE-2014-8094: DRI2 extension
  • out of bounds access due to not validating length or offset values in requests: CVE-2014-8095: XInput extension CVE-2014-8096: XC-MISC extension CVE-2014-8097: DBE extension CVE-2014-8098: GLX extension CVE-2014-8099: XVideo extension CVE-2014-8100: Render extension CVE-2014-8101: RandR extension CVE-2014-8102: XFixes extension CVE-2014-8103: DRI3 and Present extensions

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  • SUSE Linux Enterprise Desktop 12
    zypper in -t patch SUSE-SLE-DESKTOP-12-2015-18=1
  • SUSE Linux Enterprise Software Development Kit 12
    zypper in -t patch SUSE-SLE-SDK-12-2015-18=1
  • SUSE Linux Enterprise Server 12
    zypper in -t patch SUSE-SLE-SERVER-12-2015-18=1
  • SUSE Linux Enterprise Server for SAP Applications 12
    zypper in -t patch SUSE-SLE-SERVER-12-2015-18=1

Package List:

  • SUSE Linux Enterprise Desktop 12 (x86_64)
    • xorg-x11-server-debuginfo-7.6_1.15.2-17.2
    • xorg-x11-server-debugsource-7.6_1.15.2-17.2
    • xorg-x11-server-extra-debuginfo-7.6_1.15.2-17.2
    • xorg-x11-server-7.6_1.15.2-17.2
    • xorg-x11-server-extra-7.6_1.15.2-17.2
  • SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64)
    • xorg-x11-server-debuginfo-7.6_1.15.2-17.2
    • xorg-x11-server-sdk-7.6_1.15.2-17.2
    • xorg-x11-server-debugsource-7.6_1.15.2-17.2
  • SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64)
    • xorg-x11-server-debuginfo-7.6_1.15.2-17.2
    • xorg-x11-server-debugsource-7.6_1.15.2-17.2
    • xorg-x11-server-extra-debuginfo-7.6_1.15.2-17.2
    • xorg-x11-server-7.6_1.15.2-17.2
    • xorg-x11-server-extra-7.6_1.15.2-17.2
  • SUSE Linux Enterprise Server for SAP Applications 12 (x86_64)
    • xorg-x11-server-debuginfo-7.6_1.15.2-17.2
    • xorg-x11-server-debugsource-7.6_1.15.2-17.2
    • xorg-x11-server-extra-debuginfo-7.6_1.15.2-17.2
    • xorg-x11-server-7.6_1.15.2-17.2
    • xorg-x11-server-extra-7.6_1.15.2-17.2

References: