ID CVE-2015-0255
Summary X.Org Server (aka xserver and xorg-server) before 1.16.3 and 1.17.x before 1.17.1 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (crash) via a crafted string length value in a XkbSetGeometry request.
References
Vulnerable Configurations
  • X.Org xorg-server 1.16.3
    cpe:2.3:a:x.org:xorg-server:1.16.3
  • X.Org xorg-server 1.17.0
    cpe:2.3:a:x.org:xorg-server:1.17.0
  • OpenSUSE 13.1
    cpe:2.3:o:opensuse:opensuse:13.1
  • OpenSUSE 13.2
    cpe:2.3:o:opensuse:opensuse:13.2
CVSS
Base: 6.4 (as of 20-10-2016 - 13:04)
Impact:
Exploitability:
CWE CWE-200
CAPEC
  • Subverting Environment Variable Values
    The attacker directly or indirectly modifies environment variables used by or controlling the target software. The attacker's goal is to cause the target software to deviate from its expected operation in a manner that benefits the attacker.
  • Footprinting
    An attacker engages in probing and exploration activity to identify constituents and properties of the target. Footprinting is a general term to describe a variety of information gathering techniques, often used by attackers in preparation for some attack. It consists of using tools to learn as much as possible about the composition, configuration, and security mechanisms of the targeted application, system or network. Information that might be collected during a footprinting effort could include open ports, applications and their versions, network topology, and similar information. While footprinting is not intended to be damaging (although certain activities, such as network scans, can sometimes cause disruptions to vulnerable applications inadvertently) it may often pave the way for more damaging attacks.
  • Exploiting Trust in Client (aka Make the Client Invisible)
    An attack of this type exploits a programs' vulnerabilities in client/server communication channel authentication and data integrity. It leverages the implicit trust a server places in the client, or more importantly, that which the server believes is the client. An attacker executes this type of attack by placing themselves in the communication channel between client and server such that communication directly to the server is possible where the server believes it is communicating only with a valid client. There are numerous variations of this type of attack.
  • Browser Fingerprinting
    An attacker carefully crafts small snippets of Java Script to efficiently detect the type of browser the potential victim is using. Many web-based attacks need prior knowledge of the web browser including the version of browser to ensure successful exploitation of a vulnerability. Having this knowledge allows an attacker to target the victim with attacks that specifically exploit known or zero day weaknesses in the type and version of the browser used by the victim. Automating this process via Java Script as a part of the same delivery system used to exploit the browser is considered more efficient as the attacker can supply a browser fingerprinting method and integrate it with exploit code, all contained in Java Script and in response to the same web page request by the browser.
  • Session Credential Falsification through Prediction
    This attack targets predictable session ID in order to gain privileges. The attacker can predict the session ID used during a transaction to perform spoofing and session hijacking.
  • Reusing Session IDs (aka Session Replay)
    This attack targets the reuse of valid session ID to spoof the target system in order to gain privileges. The attacker tries to reuse a stolen session ID used previously during a transaction to perform spoofing and session hijacking. Another name for this type of attack is Session Replay.
  • Using Slashes in Alternate Encoding
    This attack targets the encoding of the Slash characters. An attacker would try to exploit common filtering problems related to the use of the slashes characters to gain access to resources on the target host. Directory-driven systems, such as file systems and databases, typically use the slash character to indicate traversal between directories or other container components. For murky historical reasons, PCs (and, as a result, Microsoft OSs) choose to use a backslash, whereas the UNIX world typically makes use of the forward slash. The schizophrenic result is that many MS-based systems are required to understand both forms of the slash. This gives the attacker many opportunities to discover and abuse a number of common filtering problems. The goal of this pattern is to discover server software that only applies filters to one version, but not the other.
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE PARTIAL
nessus via4
  • NASL family Misc.
    NASL id ORACLE_SECURE_GLOBAL_DESKTOP_JUL_2015_CPU.NASL
    description The Oracle Secure Global Desktop installed on the remote host is version 4.63 / 4.71 / 5.1 / 5.2. It is, therefore, affected by the following vulnerabilities : - A security bypass vulnerability exists in Kerberos 5 due to a failure to properly determine the acceptability of checksums. A remote attacker can exploit this to forge tokens or gain privileges by using an unkeyed checksum. (CVE-2010-1324) - A NULL pointer deference flaw exists in the function bdfReadCharacters() in file bdfread.c of the X.Org libXfont module due to improper handling of non-readable character bitmaps. An authenticated, remote attacker, using a crafted BDF font file, can exploit this to cause a denial of service or execute arbitrary code. (CVE-2015-1803) - An out-of-bounds read/write error exists in the SProcXFixesSelectSelectionInput() function in the XFixes extension. A remote, authenticated attacker, using a crafted length value, can exploit this to cause a denial of service or execute arbitrary code. (CVE-2014-8102) - A remote attacker, by using a crafted string length value in an XkbSetGeometry request, can gain access to sensitive information from process memory or cause a denial of service. (CVE-2015-0255) - An invalid read error exists in the ASN1_TYPE_cmp() function due to improperly performed boolean-type comparisons. A remote attacker can exploit this, via a crafted X.509 certificate to an endpoint that uses the certificate-verification feature, to cause an invalid read operation, resulting in a denial of service. (CVE-2015-0286) - A denial of service vulnerability exists in Apache Tomcat due to improper handling of HTTP responses that occurs before finishing reading an entire request body. A remote attacker can exploit this by using a crafted series of aborted upload attempts. (CVE-2014-0230) - A denial of service vulnerability exists in Apache Tomcat in ChunkedInputFilter.java due to improper handling of attempts to read data after an error has occurred. A remote attacker can exploit this by streaming data with malformed chunked-transfer encoding. (CVE-2014-0227) - A NULL pointer dereference flaw exists in the dtls1_get_record() function when handling DTLS messages. A remote attacker, using a specially crafted DTLS message, can cause a denial of service. (CVE-2014-3571) - An unspecified flaw exists that is related to the JServer subcomponent. A remote attacker can exploit this to impact confidentiality and integrity. No further details have been provided. (CVE-2015-2581)
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 84795
    published 2015-07-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=84795
    title Oracle Secure Global Desktop Multiple Vulnerabilities (July 2015 CPU)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2015-0398-1.NASL
    description xorg-x11-server was updated to fix one security issue. This security issue was fixed : - CVE-2015-0255: Check string lengths in XkbSetGeometry request (bnc#915810) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-29
    plugin id 83690
    published 2015-05-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=83690
    title SUSE SLED12 / SLES12 Security Update : xorg-x11-server (SUSE-SU-2015:0398-1)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2015-0797.NASL
    description Updated xorg-x11-server packages that fix one security issue are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. X.Org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. A buffer over-read flaw was found in the way the X.Org server handled XkbGetGeometry requests. A malicious, authorized client could use this flaw to disclose portions of the X.Org server memory, or cause the X.Org server to crash using a specially crafted XkbGetGeometry request. (CVE-2015-0255) This issue was discovered by Olivier Fourdan of Red Hat. All xorg-x11-server users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 82714
    published 2015-04-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=82714
    title CentOS 6 / 7 : xorg-x11-server (CESA-2015:0797)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-2500-1.NASL
    description Olivier Fourdan discovered that the X.Org X server incorrectly handled XkbSetGeometry requests resulting in an information leak. An attacker able to connect to an X server, either locally or remotely, could use this issue to possibly obtain sensitive information. (CVE-2015-0255) It was discovered that the X.Org X server incorrectly handled certain trapezoids. An attacker able to connect to an X server, either locally or remotely, could use this issue to possibly crash the server. This issue only affected Ubuntu 12.04 LTS. (CVE-2013-6424). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 81398
    published 2015-02-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81398
    title Ubuntu 12.04 LTS / 14.04 LTS / 14.10 : xorg-server, xorg-server-lts-trusty, xorg-server-lts-utopic vulnerabilities (USN-2500-1)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201504-06.NASL
    description The remote host is affected by the vulnerability described in GLSA-201504-06 (X.Org X Server: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in X.Org X Server. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could possibly execute arbitrary code with the privileges of the process or cause a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2015-06-10
    plugin id 84071
    published 2015-06-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=84071
    title GLSA-201504-06 : X.Org X Server: Multiple vulnerabilities
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-3160.NASL
    description Olivier Fourdan discovered that missing input validation in the Xserver's handling of XkbSetGeometry requests may result in an information leak or denial of service.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 81301
    published 2015-02-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81301
    title Debian DSA-3160-1 : xorg-server - security update
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2015-169.NASL
    description xorg-x11-server was updated to fix one security issue. This security issue was fixed : - CVE-2015-0255: Information leak in the XkbSetGeometry request of X servers (bnc#915810).
    last seen 2019-02-21
    modified 2015-03-11
    plugin id 81433
    published 2015-02-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81433
    title openSUSE Security Update : xorg-x11-server (openSUSE-2015-169)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20150410_XORG_X11_SERVER_ON_SL6_X.NASL
    description A buffer over-read flaw was found in the way the X.Org server handled XkbGetGeometry requests. A malicious, authorized client could use this flaw to disclose portions of the X.Org server memory, or cause the X.Org server to crash using a specially crafted XkbGetGeometry request. (CVE-2015-0255)
    last seen 2019-02-21
    modified 2018-12-28
    plugin id 82759
    published 2015-04-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=82759
    title Scientific Linux Security Update : xorg-x11-server on SL6.x, SL7.x i386/x86_64
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_54A69CF7B2EF11E4B1F1BCAEC565249C.NASL
    description Peter Hutterer reports : Olivier Fourdan from Red Hat has discovered a protocol handling issue in the way the X server code base handles the XkbSetGeometry request. The issue stems from the server trusting the client to send valid string lengths in the request data. A malicious client with string lengths exceeding the request length can cause the server to copy adjacent memory data into the XKB structs. This data is then available to the client via the XkbGetGeometry request. The data length is at least up to 64k, it is possible to obtain more data by chaining strings, each string length is then determined by whatever happens to be in that 16-bit region of memory. A similarly crafted request can likely cause the X server to crash.
    last seen 2019-02-21
    modified 2018-11-21
    plugin id 81332
    published 2015-02-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81332
    title FreeBSD : xorg-server -- Information leak in the XkbSetGeometry request of X servers. (54a69cf7-b2ef-11e4-b1f1-bcaec565249c)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2015-0797.NASL
    description From Red Hat Security Advisory 2015:0797 : Updated xorg-x11-server packages that fix one security issue are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. X.Org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. A buffer over-read flaw was found in the way the X.Org server handled XkbGetGeometry requests. A malicious, authorized client could use this flaw to disclose portions of the X.Org server memory, or cause the X.Org server to crash using a specially crafted XkbGetGeometry request. (CVE-2015-0255) This issue was discovered by Olivier Fourdan of Red Hat. All xorg-x11-server users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 82690
    published 2015-04-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=82690
    title Oracle Linux 6 / 7 : xorg-x11-server (ELSA-2015-0797)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-218.NASL
    description Olivier Fourdan discovered that missing input validation in the Xserver's handling of XkbSetGeometry requests may result in an information leak or denial of service. This upload to Debian squeeze-lts fixes the issue by not swapping XkbSetGeometry data in the input buffer any more and checking strings' length against request size. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-06
    plugin id 83190
    published 2015-05-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=83190
    title Debian DLA-218-1 : xorg-server security update
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2015-0797.NASL
    description Updated xorg-x11-server packages that fix one security issue are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. X.Org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. A buffer over-read flaw was found in the way the X.Org server handled XkbGetGeometry requests. A malicious, authorized client could use this flaw to disclose portions of the X.Org server memory, or cause the X.Org server to crash using a specially crafted XkbGetGeometry request. (CVE-2015-0255) This issue was discovered by Olivier Fourdan of Red Hat. All xorg-x11-server users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.
    last seen 2019-02-21
    modified 2018-11-26
    plugin id 82693
    published 2015-04-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=82693
    title RHEL 6 / 7 : xorg-x11-server (RHSA-2015:0797)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_XORG-X11-XVNC-150210.NASL
    description xorg-x11-server has been updated to fix one security issue : - Check string lenghts in XkbSetGeometry request (bnc#915810) This non-security issue has been fixed :. (CVE-2015-0255) - Option '-showopts' now works with all drivers (bnc#883051)
    last seen 2019-02-21
    modified 2015-03-05
    plugin id 81643
    published 2015-03-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81643
    title SuSE 11.3 Security Update : xorg-x11-Xvnc (SAT Patch Number 10298)
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2015-519.NASL
    description A buffer over-read flaw was found in the way the X.Org server handled XkbGetGeometry requests. A malicious, authorized client could use this flaw to disclose portions of the X.Org server memory, or cause the X.Org server to crash using a specially crafted XkbGetGeometry request. (CVE-2015-0255)
    last seen 2019-02-21
    modified 2018-04-18
    plugin id 83270
    published 2015-05-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=83270
    title Amazon Linux AMI : xorg-x11-server (ALAS-2015-519)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2015-170.NASL
    description tigervnc was updated to fix one security issue. This security issue was fixed : - CVE-2015-0255: Information leak in the XkbSetGeometry request of X servers (bnc#915810).
    last seen 2019-02-21
    modified 2015-03-11
    plugin id 81434
    published 2015-02-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81434
    title openSUSE Security Update : tigervnc (openSUSE-2015-170)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2015-0939-1.NASL
    description tigervnc and fltk were updated to fix security issues and non-security bugs. This security issue was fixed : - CVE-2015-0255: Information leak in the XkbSetGeometry request of X servers (bnc#915810). The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-29
    plugin id 83855
    published 2015-05-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=83855
    title SUSE SLED12 / SLES12 Security Update : tigervnc, fltk (SUSE-SU-2015:0939-1)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2015-119.NASL
    description Updated x11-server packages fix security vulnerabilities : Ilja van Sprundel of IOActive discovered several security issues in the X.org X server, which may lead to privilege escalation or denial of service (CVE-2014-8091, CVE-2014-8092, CVE-2014-8093, CVE-2014-8094, CVE-2014-8095, CVE-2014-8096, CVE-2014-8097, CVE-2014-8098, CVE-2014-8099, CVE-2014-8100, CVE-2014-8101, CVE-2014-8102). Olivier Fourdan from Red Hat has discovered a protocol handling issue in the way the X server code base handles the XkbSetGeometry request, where the server trusts the client to send valid string lengths. A malicious client with string lengths exceeding the request length can cause the server to copy adjacent memory data into the XKB structs. This data is then available to the client via the XkbGetGeometry request. This can lead to information disclosure issues, as well as possibly a denial of service if a similar request can cause the server to crash (CVE-2015-0255).
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 82372
    published 2015-03-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=82372
    title Mandriva Linux Security Advisory : x11-server (MDVSA-2015:119)
redhat via4
advisories
bugzilla
id 1189062
title CVE-2015-0255 xorg-x11-server: information leak in the XkbSetGeometry request of X servers
oval
OR
  • AND
    • OR
      • comment Red Hat Enterprise Linux 6 Client is installed
        oval oval:com.redhat.rhsa:tst:20100842001
      • comment Red Hat Enterprise Linux 6 Server is installed
        oval oval:com.redhat.rhsa:tst:20100842002
      • comment Red Hat Enterprise Linux 6 Workstation is installed
        oval oval:com.redhat.rhsa:tst:20100842003
      • comment Red Hat Enterprise Linux 6 ComputeNode is installed
        oval oval:com.redhat.rhsa:tst:20100842004
    • OR
      • AND
        • comment xorg-x11-server-Xdmx is earlier than 0:1.15.0-26.el6_6
          oval oval:com.redhat.rhsa:tst:20150797019
        • comment xorg-x11-server-Xdmx is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20111359014
      • AND
        • comment xorg-x11-server-Xephyr is earlier than 0:1.15.0-26.el6_6
          oval oval:com.redhat.rhsa:tst:20150797017
        • comment xorg-x11-server-Xephyr is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20111359018
      • AND
        • comment xorg-x11-server-Xnest is earlier than 0:1.15.0-26.el6_6
          oval oval:com.redhat.rhsa:tst:20150797009
        • comment xorg-x11-server-Xnest is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20111359012
      • AND
        • comment xorg-x11-server-Xorg is earlier than 0:1.15.0-26.el6_6
          oval oval:com.redhat.rhsa:tst:20150797005
        • comment xorg-x11-server-Xorg is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20111359020
      • AND
        • comment xorg-x11-server-Xvfb is earlier than 0:1.15.0-26.el6_6
          oval oval:com.redhat.rhsa:tst:20150797007
        • comment xorg-x11-server-Xvfb is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20111359010
      • AND
        • comment xorg-x11-server-common is earlier than 0:1.15.0-26.el6_6
          oval oval:com.redhat.rhsa:tst:20150797013
        • comment xorg-x11-server-common is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20111359006
      • AND
        • comment xorg-x11-server-devel is earlier than 0:1.15.0-26.el6_6
          oval oval:com.redhat.rhsa:tst:20150797015
        • comment xorg-x11-server-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20111359016
      • AND
        • comment xorg-x11-server-source is earlier than 0:1.15.0-26.el6_6
          oval oval:com.redhat.rhsa:tst:20150797011
        • comment xorg-x11-server-source is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20111359008
  • AND
    • OR
      • comment Red Hat Enterprise Linux 7 Client is installed
        oval oval:com.redhat.rhsa:tst:20140675001
      • comment Red Hat Enterprise Linux 7 Server is installed
        oval oval:com.redhat.rhsa:tst:20140675002
      • comment Red Hat Enterprise Linux 7 Workstation is installed
        oval oval:com.redhat.rhsa:tst:20140675003
      • comment Red Hat Enterprise Linux 7 ComputeNode is installed
        oval oval:com.redhat.rhsa:tst:20140675004
    • OR
      • AND
        • comment xorg-x11-server-Xdmx is earlier than 0:1.15.0-33.el7_1
          oval oval:com.redhat.rhsa:tst:20150797028
        • comment xorg-x11-server-Xdmx is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20111359014
      • AND
        • comment xorg-x11-server-Xephyr is earlier than 0:1.15.0-33.el7_1
          oval oval:com.redhat.rhsa:tst:20150797032
        • comment xorg-x11-server-Xephyr is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20111359018
      • AND
        • comment xorg-x11-server-Xnest is earlier than 0:1.15.0-33.el7_1
          oval oval:com.redhat.rhsa:tst:20150797025
        • comment xorg-x11-server-Xnest is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20111359012
      • AND
        • comment xorg-x11-server-Xorg is earlier than 0:1.15.0-33.el7_1
          oval oval:com.redhat.rhsa:tst:20150797031
        • comment xorg-x11-server-Xorg is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20111359020
      • AND
        • comment xorg-x11-server-Xvfb is earlier than 0:1.15.0-33.el7_1
          oval oval:com.redhat.rhsa:tst:20150797030
        • comment xorg-x11-server-Xvfb is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20111359010
      • AND
        • comment xorg-x11-server-common is earlier than 0:1.15.0-33.el7_1
          oval oval:com.redhat.rhsa:tst:20150797029
        • comment xorg-x11-server-common is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20111359006
      • AND
        • comment xorg-x11-server-devel is earlier than 0:1.15.0-33.el7_1
          oval oval:com.redhat.rhsa:tst:20150797026
        • comment xorg-x11-server-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20111359016
      • AND
        • comment xorg-x11-server-source is earlier than 0:1.15.0-33.el7_1
          oval oval:com.redhat.rhsa:tst:20150797027
        • comment xorg-x11-server-source is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20111359008
rhsa
id RHSA-2015:0797
released 2015-04-10
severity Moderate
title RHSA-2015:0797: xorg-x11-server security update (Moderate)
rpms
  • xorg-x11-server-Xdmx-0:1.15.0-26.el6_6
  • xorg-x11-server-Xephyr-0:1.15.0-26.el6_6
  • xorg-x11-server-Xnest-0:1.15.0-26.el6_6
  • xorg-x11-server-Xorg-0:1.15.0-26.el6_6
  • xorg-x11-server-Xvfb-0:1.15.0-26.el6_6
  • xorg-x11-server-common-0:1.15.0-26.el6_6
  • xorg-x11-server-devel-0:1.15.0-26.el6_6
  • xorg-x11-server-source-0:1.15.0-26.el6_6
  • xorg-x11-server-Xdmx-0:1.15.0-33.el7_1
  • xorg-x11-server-Xephyr-0:1.15.0-33.el7_1
  • xorg-x11-server-Xnest-0:1.15.0-33.el7_1
  • xorg-x11-server-Xorg-0:1.15.0-33.el7_1
  • xorg-x11-server-Xvfb-0:1.15.0-33.el7_1
  • xorg-x11-server-common-0:1.15.0-33.el7_1
  • xorg-x11-server-devel-0:1.15.0-33.el7_1
  • xorg-x11-server-source-0:1.15.0-33.el7_1
refmap via4
bid 72578
confirm
debian DSA-3160
gentoo GLSA-201504-06
mandriva MDVSA-2015:119
suse
  • openSUSE-SU-2015:0337
  • openSUSE-SU-2015:0338
ubuntu USN-2500-1
Last major update 30-12-2016 - 21:59
Published 13-02-2015 - 10:59
Last modified 30-10-2018 - 12:27
Back to Top