SB2015031808 - Information disclosure in xorg-server (Alpine package)
Published: March 18, 2015
Description
This security bulletin contains information about 1 security vulnerability.
1) Information disclosure (CVE-ID: CVE-2015-0255)
The vulnerability allows a remote non-authenticated attacker to obtain sensitive information from process memory or cause a denial of service (crash).
X.Org Server (aka xserver and xorg-server) before 1.16.3 and 1.17.x before 1.17.1 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (crash) via a crafted string length value in a XkbSetGeometry request.
Remediation
Install update from vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=9858cf87912aadf8d2123398e690ca6bf8715f78
- https://git.alpinelinux.org/aports/commit/?id=9aa69f68b20ca9c287575dc87a16288df6fab94e
- https://git.alpinelinux.org/aports/commit/?id=1aafd27180ee26d45a0e2fb43768cbaf624132ef
- https://git.alpinelinux.org/aports/commit/?id=71e7e3785b6decceaa3a20ec416431ccc073e7f0