Upstream information

CVE-2015-3164 at MITRE

Description

The authentication setup in XWayland 1.16.x and 1.17.x before 1.17.2 starts the server in non-authenticating mode, which allows local users to read from or send information to arbitrary X11 clients via vectors involving a UNIX socket.

SUSE information

Overall state of this security issue: Does not affect SUSE products

This issue is currently rated as having moderate severity.

CVSS v2 Scores
  National Vulnerability Database
Base Score 3.6
Vector AV:L/AC:L/Au:N/C:P/I:P/A:N
Access Vector Local
Access Complexity Low
Authentication None
Confidentiality Impact Partial
Integrity Impact Partial
Availability Impact None
SUSE Bugzilla entry: 934102 [RESOLVED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Desktop 12 SP2
  • xorg-x11-server >= 7.6_1.18.3-57.34
  • xorg-x11-server-extra >= 7.6_1.18.3-57.34
Patchnames:
SUSE Linux Enterprise Desktop 12 SP2 GA xorg-x11-server
SUSE Linux Enterprise Desktop 12 SP3
  • xorg-x11-server >= 7.6_1.18.3-71.1
  • xorg-x11-server-extra >= 7.6_1.18.3-71.1
Patchnames:
SUSE Linux Enterprise Desktop 12 SP3 GA xorg-x11-server
SUSE Linux Enterprise Module for Basesystem 15
  • xorg-x11-server >= 1.19.6-6.19
  • xorg-x11-server-extra >= 1.19.6-6.19
Patchnames:
SUSE Linux Enterprise Module for Basesystem 15 GA xorg-x11-server
SUSE Linux Enterprise Module for Development Tools 15
  • xorg-x11-server-sdk >= 1.19.6-6.19
Patchnames:
SUSE Linux Enterprise Module for Development Tools 15 GA xorg-x11-server-sdk
SUSE Linux Enterprise Server 12 SP2
  • xorg-x11-server >= 7.6_1.18.3-57.34
  • xorg-x11-server-extra >= 7.6_1.18.3-57.34
Patchnames:
SUSE Linux Enterprise Server 12 SP2 GA xorg-x11-server
SUSE Linux Enterprise Server 12 SP3
  • xorg-x11-server >= 7.6_1.18.3-71.1
  • xorg-x11-server-extra >= 7.6_1.18.3-71.1
Patchnames:
SUSE Linux Enterprise Server 12 SP3 GA xorg-x11-server
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
  • xorg-x11-server >= 7.6_1.18.3-57.34
  • xorg-x11-server-extra >= 7.6_1.18.3-57.34
Patchnames:
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 GA xorg-x11-server
SUSE Linux Enterprise Software Development Kit 12 SP2
  • xorg-x11-server-sdk >= 7.6_1.18.3-57.34
Patchnames:
SUSE Linux Enterprise Software Development Kit 12 SP2 GA xorg-x11-server-sdk
SUSE Linux Enterprise Software Development Kit 12 SP3
  • xorg-x11-server-sdk >= 7.6_1.18.3-71.1
Patchnames:
SUSE Linux Enterprise Software Development Kit 12 SP3 GA xorg-x11-server-sdk
SUSE Linux Enterprise Workstation Extension 15
  • xorg-x11-server-wayland >= 1.19.6-6.19
Patchnames:
SUSE Linux Enterprise Workstation Extension 15 GA xorg-x11-server-wayland
openSUSE Leap 15.0
  • xorg-x11-server >= 1.19.6-lp150.6.1
  • xorg-x11-server-extra >= 1.19.6-lp150.6.1
  • xorg-x11-server-wayland >= 1.19.6-lp150.6.1
Patchnames:
openSUSE Leap 15.0 GA xorg-x11-server
openSUSE Leap 42.1
  • xorg-x11-server >= 7.6_1.17.2-7.3
  • xorg-x11-server-extra >= 7.6_1.17.2-7.3
  • xorg-x11-server-sdk >= 7.6_1.17.2-7.3
Patchnames:
openSUSE Leap 42.1 GA xorg-x11-server
openSUSE Leap 42.2
  • xorg-x11-server >= 7.6_1.18.3-2.7
  • xorg-x11-server-extra >= 7.6_1.18.3-2.7
  • xorg-x11-server-sdk >= 7.6_1.18.3-2.7
Patchnames:
openSUSE Leap 42.2 GA xorg-x11-server
openSUSE Leap 42.3
  • xorg-x11-server >= 7.6_1.18.3-17.1
  • xorg-x11-server-extra >= 7.6_1.18.3-17.1
  • xorg-x11-server-sdk >= 7.6_1.18.3-17.1
Patchnames:
openSUSE Leap 42.3 GA xorg-x11-server
openSUSE Tumbleweed
  • xorg-x11-server >= 7.6_1.18.4-2.1
  • xorg-x11-server-extra >= 7.6_1.18.4-2.1
  • xorg-x11-server-sdk >= 7.6_1.18.4-2.1
  • xorg-x11-server-source >= 7.6_1.18.4-2.1
  • xorg-x11-server-wayland >= 7.6_1.18.4-2.1
Patchnames:
openSUSE Tumbleweed GA xorg-x11-server