Vulnerabilities > CVE-2015-0255 - Information Exposure vulnerability in multiple products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
PARTIAL Summary
X.Org Server (aka xserver and xorg-server) before 1.16.3 and 1.17.x before 1.17.1 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (crash) via a crafted string length value in a XkbSetGeometry request.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Subverting Environment Variable Values The attacker directly or indirectly modifies environment variables used by or controlling the target software. The attacker's goal is to cause the target software to deviate from its expected operation in a manner that benefits the attacker.
- Footprinting An attacker engages in probing and exploration activity to identify constituents and properties of the target. Footprinting is a general term to describe a variety of information gathering techniques, often used by attackers in preparation for some attack. It consists of using tools to learn as much as possible about the composition, configuration, and security mechanisms of the targeted application, system or network. Information that might be collected during a footprinting effort could include open ports, applications and their versions, network topology, and similar information. While footprinting is not intended to be damaging (although certain activities, such as network scans, can sometimes cause disruptions to vulnerable applications inadvertently) it may often pave the way for more damaging attacks.
- Exploiting Trust in Client (aka Make the Client Invisible) An attack of this type exploits a programs' vulnerabilities in client/server communication channel authentication and data integrity. It leverages the implicit trust a server places in the client, or more importantly, that which the server believes is the client. An attacker executes this type of attack by placing themselves in the communication channel between client and server such that communication directly to the server is possible where the server believes it is communicating only with a valid client. There are numerous variations of this type of attack.
- Browser Fingerprinting An attacker carefully crafts small snippets of Java Script to efficiently detect the type of browser the potential victim is using. Many web-based attacks need prior knowledge of the web browser including the version of browser to ensure successful exploitation of a vulnerability. Having this knowledge allows an attacker to target the victim with attacks that specifically exploit known or zero day weaknesses in the type and version of the browser used by the victim. Automating this process via Java Script as a part of the same delivery system used to exploit the browser is considered more efficient as the attacker can supply a browser fingerprinting method and integrate it with exploit code, all contained in Java Script and in response to the same web page request by the browser.
- Session Credential Falsification through Prediction This attack targets predictable session ID in order to gain privileges. The attacker can predict the session ID used during a transaction to perform spoofing and session hijacking.
Nessus
NASL family Fedora Local Security Checks NASL id FEDORA_2015-3964.NASL description Update to 3.5.0.29 : - further reduction of code size by Mike Gabriel - ~/.x2go/config/keystrokes.cfg, /etc/x2go/keystrokes.cfg and /etc/nxagent/keystrokes.cfg are now respected thanks to Horst Schirmeier - security fixes for CVE-2011-2895, CVE-2011-4028, CVE-2013-4396, CVE-2013-6462, CVE-2014-0209, CVE-2014-0210, CVE-2014-0211, CVE-2014-8092, CVE-2014-8097, CVE-2014-8095, CVE-2014-8096, CVE-2014-8099, CVE-2014-8100, CVE-2014-8102, CVE-2014-8101, CVE-2014-8093, CVE-2014-8098, CVE-2015-0255 by Michael DePaulo - other (build) bug fixes Update to 3.5.0.28: o Fix non-working Copy+Paste into some rootless Qt applications when Xfixes extension is enabled in NX. Thanks to Ulrich Sibiller! o Adapt X11 launchd socket path for recent Mac OS X versions. o Fix Xinerama on Debian/Ubuntu installation (only worked on systems that had dpkg-dev installed) and all RPM based distros. o Partly make nxcomp aware of nx-libs last seen 2020-06-05 modified 2015-03-27 plugin id 82279 published 2015-03-27 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/82279 title Fedora 20 : nx-libs-3.5.0.29-1.fc20 (2015-3964) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2015-3964. # include("compat.inc"); if (description) { script_id(82279); script_version("1.3"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_xref(name:"FEDORA", value:"2015-3964"); script_name(english:"Fedora 20 : nx-libs-3.5.0.29-1.fc20 (2015-3964)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "Update to 3.5.0.29 : - further reduction of code size by Mike Gabriel - ~/.x2go/config/keystrokes.cfg, /etc/x2go/keystrokes.cfg and /etc/nxagent/keystrokes.cfg are now respected thanks to Horst Schirmeier - security fixes for CVE-2011-2895, CVE-2011-4028, CVE-2013-4396, CVE-2013-6462, CVE-2014-0209, CVE-2014-0210, CVE-2014-0211, CVE-2014-8092, CVE-2014-8097, CVE-2014-8095, CVE-2014-8096, CVE-2014-8099, CVE-2014-8100, CVE-2014-8102, CVE-2014-8101, CVE-2014-8093, CVE-2014-8098, CVE-2015-0255 by Michael DePaulo - other (build) bug fixes Update to 3.5.0.28: o Fix non-working Copy+Paste into some rootless Qt applications when Xfixes extension is enabled in NX. Thanks to Ulrich Sibiller! o Adapt X11 launchd socket path for recent Mac OS X versions. o Fix Xinerama on Debian/Ubuntu installation (only worked on systems that had dpkg-dev installed) and all RPM based distros. o Partly make nxcomp aware of nx-libs's four-digit version string. Thanks to Nito Martinez from TheQVD project! - Fix unowned directories - Minor cleanup Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); # https://lists.fedoraproject.org/pipermail/package-announce/2015-March/152878.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?98af766f" ); script_set_attribute( attribute:"solution", value:"Update the affected nx-libs package." ); script_set_attribute(attribute:"risk_factor", value:"High"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:nx-libs"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:20"); script_set_attribute(attribute:"patch_publication_date", value:"2015/03/15"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/03/27"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2020 Tenable Network Security, Inc."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^20([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 20.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC20", reference:"nx-libs-3.5.0.29-1.fc20")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "nx-libs"); }NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-2500-1.NASL description Olivier Fourdan discovered that the X.Org X server incorrectly handled XkbSetGeometry requests resulting in an information leak. An attacker able to connect to an X server, either locally or remotely, could use this issue to possibly obtain sensitive information. (CVE-2015-0255) It was discovered that the X.Org X server incorrectly handled certain trapezoids. An attacker able to connect to an X server, either locally or remotely, could use this issue to possibly crash the server. This issue only affected Ubuntu 12.04 LTS. (CVE-2013-6424). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 81398 published 2015-02-18 reporter Ubuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/81398 title Ubuntu 12.04 LTS / 14.04 LTS / 14.10 : xorg-server, xorg-server-lts-trusty, xorg-server-lts-utopic vulnerabilities (USN-2500-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-2500-1. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(81398); script_version("1.7"); script_cvs_date("Date: 2019/09/18 12:31:44"); script_cve_id("CVE-2013-6424", "CVE-2015-0255"); script_bugtraq_id(64127, 72578); script_xref(name:"USN", value:"2500-1"); script_name(english:"Ubuntu 12.04 LTS / 14.04 LTS / 14.10 : xorg-server, xorg-server-lts-trusty, xorg-server-lts-utopic vulnerabilities (USN-2500-1)"); script_summary(english:"Checks dpkg output for updated packages."); script_set_attribute( attribute:"synopsis", value: "The remote Ubuntu host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "Olivier Fourdan discovered that the X.Org X server incorrectly handled XkbSetGeometry requests resulting in an information leak. An attacker able to connect to an X server, either locally or remotely, could use this issue to possibly obtain sensitive information. (CVE-2015-0255) It was discovered that the X.Org X server incorrectly handled certain trapezoids. An attacker able to connect to an X server, either locally or remotely, could use this issue to possibly crash the server. This issue only affected Ubuntu 12.04 LTS. (CVE-2013-6424). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://usn.ubuntu.com/2500-1/" ); script_set_attribute( attribute:"solution", value: "Update the affected xserver-xorg-core, xserver-xorg-core-lts-trusty and / or xserver-xorg-core-lts-utopic packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xserver-xorg-core"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xserver-xorg-core-lts-trusty"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xserver-xorg-core-lts-utopic"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.04:-:lts"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.10"); script_set_attribute(attribute:"vuln_publication_date", value:"2014/01/18"); script_set_attribute(attribute:"patch_publication_date", value:"2015/02/17"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/02/18"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("misc_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! preg(pattern:"^(12\.04|14\.04|14\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 12.04 / 14.04 / 14.10", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); flag = 0; if (ubuntu_check(osver:"12.04", pkgname:"xserver-xorg-core", pkgver:"2:1.11.4-0ubuntu10.17")) flag++; if (ubuntu_check(osver:"12.04", pkgname:"xserver-xorg-core-lts-trusty", pkgver:"2:1.15.1-0ubuntu2~precise5")) flag++; if (ubuntu_check(osver:"14.04", pkgname:"xserver-xorg-core", pkgver:"2:1.15.1-0ubuntu2.7")) flag++; if (ubuntu_check(osver:"14.04", pkgname:"xserver-xorg-core-lts-utopic", pkgver:"2:1.16.0-1ubuntu1.2~trusty2")) flag++; if (ubuntu_check(osver:"14.10", pkgname:"xserver-xorg-core", pkgver:"2:1.16.0-1ubuntu1.3")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xserver-xorg-core / xserver-xorg-core-lts-trusty / etc"); }NASL family SuSE Local Security Checks NASL id OPENSUSE-2015-169.NASL description xorg-x11-server was updated to fix one security issue. This security issue was fixed : - CVE-2015-0255: Information leak in the XkbSetGeometry request of X servers (bnc#915810). last seen 2020-06-05 modified 2015-02-23 plugin id 81433 published 2015-02-23 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/81433 title openSUSE Security Update : xorg-x11-server (openSUSE-2015-169) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2015-169. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(81433); script_version("1.3"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2015-0255"); script_name(english:"openSUSE Security Update : xorg-x11-server (openSUSE-2015-169)"); script_summary(english:"Check for the openSUSE-2015-169 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "xorg-x11-server was updated to fix one security issue. This security issue was fixed : - CVE-2015-0255: Information leak in the XkbSetGeometry request of X servers (bnc#915810)." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=915810" ); script_set_attribute( attribute:"solution", value:"Update the affected xorg-x11-server packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xorg-x11-server"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xorg-x11-server-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xorg-x11-server-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xorg-x11-server-extra"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xorg-x11-server-extra-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xorg-x11-server-sdk"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.1"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.2"); script_set_attribute(attribute:"patch_publication_date", value:"2015/02/12"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/02/23"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2020 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE13\.1|SUSE13\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "13.1 / 13.2", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE13.1", reference:"xorg-x11-server-7.6_1.14.3.901-16.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"xorg-x11-server-debuginfo-7.6_1.14.3.901-16.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"xorg-x11-server-debugsource-7.6_1.14.3.901-16.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"xorg-x11-server-extra-7.6_1.14.3.901-16.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"xorg-x11-server-extra-debuginfo-7.6_1.14.3.901-16.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"xorg-x11-server-sdk-7.6_1.14.3.901-16.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"xorg-x11-server-7.6_1.16.1-9.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"xorg-x11-server-debuginfo-7.6_1.16.1-9.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"xorg-x11-server-debugsource-7.6_1.16.1-9.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"xorg-x11-server-extra-7.6_1.16.1-9.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"xorg-x11-server-extra-debuginfo-7.6_1.16.1-9.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"xorg-x11-server-sdk-7.6_1.16.1-9.1") ) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xorg-x11-server / xorg-x11-server-debuginfo / etc"); }NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2015-0797.NASL description Updated xorg-x11-server packages that fix one security issue are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. X.Org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. A buffer over-read flaw was found in the way the X.Org server handled XkbGetGeometry requests. A malicious, authorized client could use this flaw to disclose portions of the X.Org server memory, or cause the X.Org server to crash using a specially crafted XkbGetGeometry request. (CVE-2015-0255) This issue was discovered by Olivier Fourdan of Red Hat. All xorg-x11-server users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 82693 published 2015-04-10 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/82693 title RHEL 6 / 7 : xorg-x11-server (RHSA-2015:0797) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2015:0797. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(82693); script_version("1.13"); script_cvs_date("Date: 2019/10/24 15:35:39"); script_cve_id("CVE-2015-0255"); script_xref(name:"RHSA", value:"2015:0797"); script_name(english:"RHEL 6 / 7 : xorg-x11-server (RHSA-2015:0797)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated xorg-x11-server packages that fix one security issue are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. X.Org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. A buffer over-read flaw was found in the way the X.Org server handled XkbGetGeometry requests. A malicious, authorized client could use this flaw to disclose portions of the X.Org server memory, or cause the X.Org server to crash using a specially crafted XkbGetGeometry request. (CVE-2015-0255) This issue was discovered by Olivier Fourdan of Red Hat. All xorg-x11-server users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue." ); # http://www.x.org/wiki/Development/Security/Advisory-2015-02-10/ script_set_attribute( attribute:"see_also", value:"https://www.x.org/wiki/Development/Security/Advisory-2015-02-10/" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2015:0797" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2015-0255" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-Xdmx"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-Xephyr"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-Xnest"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-Xorg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-Xvfb"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-source"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6.6"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.1"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.2"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.3"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.4"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.5"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.6"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.7"); script_set_attribute(attribute:"vuln_publication_date", value:"2015/02/13"); script_set_attribute(attribute:"patch_publication_date", value:"2015/04/10"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/04/10"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^(6|7)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 6.x / 7.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2015:0797"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"xorg-x11-server-Xdmx-1.15.0-26.el6_6")) flag++; if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"xorg-x11-server-Xdmx-1.15.0-26.el6_6")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"xorg-x11-server-Xdmx-1.15.0-26.el6_6")) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"xorg-x11-server-Xephyr-1.15.0-26.el6_6")) flag++; if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"xorg-x11-server-Xephyr-1.15.0-26.el6_6")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"xorg-x11-server-Xephyr-1.15.0-26.el6_6")) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"xorg-x11-server-Xnest-1.15.0-26.el6_6")) flag++; if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"xorg-x11-server-Xnest-1.15.0-26.el6_6")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"xorg-x11-server-Xnest-1.15.0-26.el6_6")) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"xorg-x11-server-Xorg-1.15.0-26.el6_6")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"xorg-x11-server-Xorg-1.15.0-26.el6_6")) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"xorg-x11-server-Xvfb-1.15.0-26.el6_6")) flag++; if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"xorg-x11-server-Xvfb-1.15.0-26.el6_6")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"xorg-x11-server-Xvfb-1.15.0-26.el6_6")) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"xorg-x11-server-common-1.15.0-26.el6_6")) flag++; if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"xorg-x11-server-common-1.15.0-26.el6_6")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"xorg-x11-server-common-1.15.0-26.el6_6")) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"xorg-x11-server-debuginfo-1.15.0-26.el6_6")) flag++; if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"xorg-x11-server-debuginfo-1.15.0-26.el6_6")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"xorg-x11-server-debuginfo-1.15.0-26.el6_6")) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"xorg-x11-server-devel-1.15.0-26.el6_6")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"xorg-x11-server-devel-1.15.0-26.el6_6")) flag++; if (rpm_check(release:"RHEL6", reference:"xorg-x11-server-source-1.15.0-26.el6_6")) flag++; if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"xorg-x11-server-Xdmx-1.15.0-33.el7_1")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"xorg-x11-server-Xdmx-1.15.0-33.el7_1")) flag++; if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"xorg-x11-server-Xephyr-1.15.0-33.el7_1")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"xorg-x11-server-Xephyr-1.15.0-33.el7_1")) flag++; if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"xorg-x11-server-Xnest-1.15.0-33.el7_1")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"xorg-x11-server-Xnest-1.15.0-33.el7_1")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"xorg-x11-server-Xorg-1.15.0-33.el7_1")) flag++; if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"xorg-x11-server-Xvfb-1.15.0-33.el7_1")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"xorg-x11-server-Xvfb-1.15.0-33.el7_1")) flag++; if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"xorg-x11-server-common-1.15.0-33.el7_1")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"xorg-x11-server-common-1.15.0-33.el7_1")) flag++; if (rpm_check(release:"RHEL7", cpu:"i686", reference:"xorg-x11-server-debuginfo-1.15.0-33.el7_1")) flag++; if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"xorg-x11-server-debuginfo-1.15.0-33.el7_1")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"xorg-x11-server-debuginfo-1.15.0-33.el7_1")) flag++; if (rpm_check(release:"RHEL7", cpu:"i686", reference:"xorg-x11-server-devel-1.15.0-33.el7_1")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"xorg-x11-server-devel-1.15.0-33.el7_1")) flag++; if (rpm_check(release:"RHEL7", reference:"xorg-x11-server-source-1.15.0-33.el7_1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xorg-x11-server-Xdmx / xorg-x11-server-Xephyr / etc"); } }NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_54A69CF7B2EF11E4B1F1BCAEC565249C.NASL description Peter Hutterer reports : Olivier Fourdan from Red Hat has discovered a protocol handling issue in the way the X server code base handles the XkbSetGeometry request. The issue stems from the server trusting the client to send valid string lengths in the request data. A malicious client with string lengths exceeding the request length can cause the server to copy adjacent memory data into the XKB structs. This data is then available to the client via the XkbGetGeometry request. The data length is at least up to 64k, it is possible to obtain more data by chaining strings, each string length is then determined by whatever happens to be in that 16-bit region of memory. A similarly crafted request can likely cause the X server to crash. last seen 2020-06-01 modified 2020-06-02 plugin id 81332 published 2015-02-13 reporter This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/81332 title FreeBSD : xorg-server -- Information leak in the XkbSetGeometry request of X servers. (54a69cf7-b2ef-11e4-b1f1-bcaec565249c) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from the FreeBSD VuXML database : # # Copyright 2003-2018 Jacques Vidrine and contributors # # Redistribution and use in source (VuXML) and 'compiled' forms (SGML, # HTML, PDF, PostScript, RTF and so forth) with or without modification, # are permitted provided that the following conditions are met: # 1. Redistributions of source code (VuXML) must retain the above # copyright notice, this list of conditions and the following # disclaimer as the first lines of this file unmodified. # 2. Redistributions in compiled form (transformed to other DTDs, # published online in any format, converted to PDF, PostScript, # RTF and other formats) must reproduce the above copyright # notice, this list of conditions and the following disclaimer # in the documentation and/or other materials provided with the # distribution. # # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS" # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION, # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # include("compat.inc"); if (description) { script_id(81332); script_version("1.4"); script_cvs_date("Date: 2018/11/21 10:46:31"); script_cve_id("CVE-2015-0255"); script_name(english:"FreeBSD : xorg-server -- Information leak in the XkbSetGeometry request of X servers. (54a69cf7-b2ef-11e4-b1f1-bcaec565249c)"); script_summary(english:"Checks for updated packages in pkg_info output"); script_set_attribute( attribute:"synopsis", value: "The remote FreeBSD host is missing one or more security-related updates." ); script_set_attribute( attribute:"description", value: "Peter Hutterer reports : Olivier Fourdan from Red Hat has discovered a protocol handling issue in the way the X server code base handles the XkbSetGeometry request. The issue stems from the server trusting the client to send valid string lengths in the request data. A malicious client with string lengths exceeding the request length can cause the server to copy adjacent memory data into the XKB structs. This data is then available to the client via the XkbGetGeometry request. The data length is at least up to 64k, it is possible to obtain more data by chaining strings, each string length is then determined by whatever happens to be in that 16-bit region of memory. A similarly crafted request can likely cause the X server to crash." ); # http://lists.freedesktop.org/archives/xorg/2015-February/057158.html script_set_attribute( attribute:"see_also", value:"https://lists.freedesktop.org/archives/xorg/2015-February/057158.html" ); # https://vuxml.freebsd.org/freebsd/54a69cf7-b2ef-11e4-b1f1-bcaec565249c.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?7fd55e61" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:xorg-server"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:xorg-server"); script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd"); script_set_attribute(attribute:"vuln_publication_date", value:"2015/02/10"); script_set_attribute(attribute:"patch_publication_date", value:"2015/02/12"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/02/13"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"FreeBSD Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info"); exit(0); } include("audit.inc"); include("freebsd_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD"); if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (pkg_test(save_report:TRUE, pkg:"xorg-server<1.14.7_2,1")) flag++; if (pkg_test(save_report:TRUE, pkg:"xorg-server>=1.15.0,1<1.16.4,1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family SuSE Local Security Checks NASL id SUSE_SU-2015-0939-1.NASL description tigervnc and fltk were updated to fix security issues and non-security bugs. This security issue was fixed : - CVE-2015-0255: Information leak in the XkbSetGeometry request of X servers (bnc#915810). The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 83855 published 2015-05-27 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/83855 title SUSE SLED12 / SLES12 Security Update : tigervnc, fltk (SUSE-SU-2015:0939-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SUSE update advisory SUSE-SU-2015:0939-1. # The text itself is copyright (C) SUSE. # include("compat.inc"); if (description) { script_id(83855); script_version("2.10"); script_cvs_date("Date: 2019/09/11 11:22:12"); script_cve_id("CVE-2015-0255"); script_bugtraq_id(72578); script_name(english:"SUSE SLED12 / SLES12 Security Update : tigervnc, fltk (SUSE-SU-2015:0939-1)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote SUSE host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "tigervnc and fltk were updated to fix security issues and non-security bugs. This security issue was fixed : - CVE-2015-0255: Information leak in the XkbSetGeometry request of X servers (bnc#915810). The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=908738" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=911577" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=915782" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=915810" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=920969" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2015-0255/" ); # https://www.suse.com/support/update/announcement/2015/suse-su-20150939-1.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?2459e9b7" ); script_set_attribute( attribute:"solution", value: "To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product : SUSE Linux Enterprise Software Development Kit 12 : zypper in -t patch SUSE-SLE-SDK-12-2015-210=1 SUSE Linux Enterprise Server 12 : zypper in -t patch SUSE-SLE-SERVER-12-2015-210=1 SUSE Linux Enterprise Desktop 12 : zypper in -t patch SUSE-SLE-DESKTOP-12-2015-210=1 To bring your system up-to-date, use 'zypper patch'." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:fltk-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libfltk1"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libfltk1-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:tigervnc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:tigervnc-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:tigervnc-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xorg-x11-Xvnc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xorg-x11-Xvnc-debuginfo"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12"); script_set_attribute(attribute:"vuln_publication_date", value:"2015/02/13"); script_set_attribute(attribute:"patch_publication_date", value:"2015/05/19"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/05/27"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE"); os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE"); os_ver = os_ver[1]; if (! preg(pattern:"^(SLED12|SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED12 / SLES12", "SUSE " + os_ver); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu); sp = get_kb_item("Host/SuSE/patchlevel"); if (isnull(sp)) sp = "0"; if (os_ver == "SLES12" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP0", os_ver + " SP" + sp); if (os_ver == "SLED12" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLED12 SP0", os_ver + " SP" + sp); flag = 0; if (rpm_check(release:"SLES12", sp:"0", reference:"fltk-debugsource-1.3.2-10.2")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"libfltk1-1.3.2-10.2")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"libfltk1-debuginfo-1.3.2-10.2")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"tigervnc-1.4.1-32.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"tigervnc-debuginfo-1.4.1-32.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"tigervnc-debugsource-1.4.1-32.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"xorg-x11-Xvnc-1.4.1-32.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"xorg-x11-Xvnc-debuginfo-1.4.1-32.1")) flag++; if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"fltk-debugsource-1.3.2-10.2")) flag++; if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"libfltk1-1.3.2-10.2")) flag++; if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"libfltk1-debuginfo-1.3.2-10.2")) flag++; if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"tigervnc-1.4.1-32.1")) flag++; if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"tigervnc-debuginfo-1.4.1-32.1")) flag++; if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"tigervnc-debugsource-1.4.1-32.1")) flag++; if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"xorg-x11-Xvnc-1.4.1-32.1")) flag++; if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"xorg-x11-Xvnc-debuginfo-1.4.1-32.1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "tigervnc / fltk"); }NASL family SuSE Local Security Checks NASL id OPENSUSE-2015-170.NASL description tigervnc was updated to fix one security issue. This security issue was fixed : - CVE-2015-0255: Information leak in the XkbSetGeometry request of X servers (bnc#915810). last seen 2020-06-05 modified 2015-02-23 plugin id 81434 published 2015-02-23 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/81434 title openSUSE Security Update : tigervnc (openSUSE-2015-170) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2015-170. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(81434); script_version("1.3"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2015-0255"); script_name(english:"openSUSE Security Update : tigervnc (openSUSE-2015-170)"); script_summary(english:"Check for the openSUSE-2015-170 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "tigervnc was updated to fix one security issue. This security issue was fixed : - CVE-2015-0255: Information leak in the XkbSetGeometry request of X servers (bnc#915810)." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=915810" ); script_set_attribute( attribute:"solution", value:"Update the affected tigervnc packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:tigervnc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:tigervnc-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:tigervnc-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xorg-x11-Xvnc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xorg-x11-Xvnc-debuginfo"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.2"); script_set_attribute(attribute:"patch_publication_date", value:"2015/02/12"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/02/23"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2020 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE13\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "13.2", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE13.2", reference:"tigervnc-1.4.1-6.26.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"tigervnc-debuginfo-1.4.1-6.26.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"tigervnc-debugsource-1.4.1-6.26.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"xorg-x11-Xvnc-1.4.1-6.26.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"xorg-x11-Xvnc-debuginfo-1.4.1-6.26.1") ) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "tigervnc / tigervnc-debuginfo / tigervnc-debugsource / etc"); }NASL family Misc. NASL id ORACLE_SECURE_GLOBAL_DESKTOP_JUL_2015_CPU.NASL description The Oracle Secure Global Desktop installed on the remote host is version 4.63 / 4.71 / 5.1 / 5.2. It is, therefore, affected by the following vulnerabilities : - A security bypass vulnerability exists in Kerberos 5 due to a failure to properly determine the acceptability of checksums. A remote attacker can exploit this to forge tokens or gain privileges by using an unkeyed checksum. (CVE-2010-1324) - A NULL pointer deference flaw exists in the function bdfReadCharacters() in file bdfread.c of the X.Org libXfont module due to improper handling of non-readable character bitmaps. An authenticated, remote attacker, using a crafted BDF font file, can exploit this to cause a denial of service or execute arbitrary code. (CVE-2015-1803) - An out-of-bounds read/write error exists in the SProcXFixesSelectSelectionInput() function in the XFixes extension. A remote, authenticated attacker, using a crafted length value, can exploit this to cause a denial of service or execute arbitrary code. (CVE-2014-8102) - A remote attacker, by using a crafted string length value in an XkbSetGeometry request, can gain access to sensitive information from process memory or cause a denial of service. (CVE-2015-0255) - An invalid read error exists in the ASN1_TYPE_cmp() function due to improperly performed boolean-type comparisons. A remote attacker can exploit this, via a crafted X.509 certificate to an endpoint that uses the certificate-verification feature, to cause an invalid read operation, resulting in a denial of service. (CVE-2015-0286) - A denial of service vulnerability exists in Apache Tomcat due to improper handling of HTTP responses that occurs before finishing reading an entire request body. A remote attacker can exploit this by using a crafted series of aborted upload attempts. (CVE-2014-0230) - A denial of service vulnerability exists in Apache Tomcat in ChunkedInputFilter.java due to improper handling of attempts to read data after an error has occurred. A remote attacker can exploit this by streaming data with malformed chunked-transfer encoding. (CVE-2014-0227) - A NULL pointer dereference flaw exists in the dtls1_get_record() function when handling DTLS messages. A remote attacker, using a specially crafted DTLS message, can cause a denial of service. (CVE-2014-3571) - An unspecified flaw exists that is related to the JServer subcomponent. A remote attacker can exploit this to impact confidentiality and integrity. No further details have been provided. (CVE-2015-2581) last seen 2020-06-01 modified 2020-06-02 plugin id 84795 published 2015-07-16 reporter This script is Copyright (C) 2015-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/84795 title Oracle Secure Global Desktop Multiple Vulnerabilities (July 2015 CPU) NASL family Debian Local Security Checks NASL id DEBIAN_DLA-218.NASL description Olivier Fourdan discovered that missing input validation in the Xserver last seen 2020-03-17 modified 2015-05-04 plugin id 83190 published 2015-05-04 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/83190 title Debian DLA-218-1 : xorg-server security update NASL family Debian Local Security Checks NASL id DEBIAN_DSA-3160.NASL description Olivier Fourdan discovered that missing input validation in the Xserver last seen 2020-03-17 modified 2015-02-12 plugin id 81301 published 2015-02-12 reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/81301 title Debian DSA-3160-1 : xorg-server - security update NASL family SuSE Local Security Checks NASL id SUSE_SU-2015-0398-1.NASL description xorg-x11-server was updated to fix one security issue. This security issue was fixed : - CVE-2015-0255: Check string lengths in XkbSetGeometry request (bnc#915810) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 83690 published 2015-05-20 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/83690 title SUSE SLED12 / SLES12 Security Update : xorg-x11-server (SUSE-SU-2015:0398-1) NASL family Fedora Local Security Checks NASL id FEDORA_2015-3948.NASL description Update to 3.5.0.29 : - further reduction of code size by Mike Gabriel - ~/.x2go/config/keystrokes.cfg, /etc/x2go/keystrokes.cfg and /etc/nxagent/keystrokes.cfg are now respected thanks to Horst Schirmeier - security fixes for CVE-2011-2895, CVE-2011-4028, CVE-2013-4396, CVE-2013-6462, CVE-2014-0209, CVE-2014-0210, CVE-2014-0211, CVE-2014-8092, CVE-2014-8097, CVE-2014-8095, CVE-2014-8096, CVE-2014-8099, CVE-2014-8100, CVE-2014-8102, CVE-2014-8101, CVE-2014-8093, CVE-2014-8098, CVE-2015-0255 by Michael DePaulo - other (build) bug fixes Update to 3.5.0.28: o Fix non-working Copy+Paste into some rootless Qt applications when Xfixes extension is enabled in NX. Thanks to Ulrich Sibiller! o Adapt X11 launchd socket path for recent Mac OS X versions. o Fix Xinerama on Debian/Ubuntu installation (only worked on systems that had dpkg-dev installed) and all RPM based distros. o Partly make nxcomp aware of nx-libs last seen 2020-06-05 modified 2015-03-27 plugin id 82278 published 2015-03-27 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/82278 title Fedora 21 : nx-libs-3.5.0.29-1.fc21 (2015-3948) NASL family Amazon Linux Local Security Checks NASL id ALA_ALAS-2015-519.NASL description A buffer over-read flaw was found in the way the X.Org server handled XkbGetGeometry requests. A malicious, authorized client could use this flaw to disclose portions of the X.Org server memory, or cause the X.Org server to crash using a specially crafted XkbGetGeometry request. (CVE-2015-0255) last seen 2020-06-01 modified 2020-06-02 plugin id 83270 published 2015-05-07 reporter This script is Copyright (C) 2015-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/83270 title Amazon Linux AMI : xorg-x11-server (ALAS-2015-519) NASL family Scientific Linux Local Security Checks NASL id SL_20150410_XORG_X11_SERVER_ON_SL6_X.NASL description A buffer over-read flaw was found in the way the X.Org server handled XkbGetGeometry requests. A malicious, authorized client could use this flaw to disclose portions of the X.Org server memory, or cause the X.Org server to crash using a specially crafted XkbGetGeometry request. (CVE-2015-0255) last seen 2020-03-18 modified 2015-04-14 plugin id 82759 published 2015-04-14 reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/82759 title Scientific Linux Security Update : xorg-x11-server on SL6.x, SL7.x i386/x86_64 (20150410) NASL family SuSE Local Security Checks NASL id SUSE_11_XORG-X11-XVNC-150210.NASL description xorg-x11-server has been updated to fix one security issue : - Check string lenghts in XkbSetGeometry request (bnc#915810) This non-security issue has been fixed :. (CVE-2015-0255) - Option last seen 2020-06-01 modified 2020-06-02 plugin id 81643 published 2015-03-05 reporter This script is Copyright (C) 2015 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/81643 title SuSE 11.3 Security Update : xorg-x11-Xvnc (SAT Patch Number 10298) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201504-06.NASL description The remote host is affected by the vulnerability described in GLSA-201504-06 (X.Org X Server: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in X.Org X Server. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could possibly execute arbitrary code with the privileges of the process or cause a Denial of Service condition. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 84071 published 2015-06-10 reporter This script is Copyright (C) 2015 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/84071 title GLSA-201504-06 : X.Org X Server: Multiple vulnerabilities NASL family Fedora Local Security Checks NASL id FEDORA_2015-3953.NASL description Update to 3.5.0.29 : - further reduction of code size by Mike Gabriel - ~/.x2go/config/keystrokes.cfg, /etc/x2go/keystrokes.cfg and /etc/nxagent/keystrokes.cfg are now respected thanks to Horst Schirmeier - security fixes for CVE-2011-2895, CVE-2011-4028, CVE-2013-4396, CVE-2013-6462, CVE-2014-0209, CVE-2014-0210, CVE-2014-0211, CVE-2014-8092, CVE-2014-8097, CVE-2014-8095, CVE-2014-8096, CVE-2014-8099, CVE-2014-8100, CVE-2014-8102, CVE-2014-8101, CVE-2014-8093, CVE-2014-8098, CVE-2015-0255 by Michael DePaulo - other (build) bug fixes Update to 3.5.0.28: o Fix non-working Copy+Paste into some rootless Qt applications when Xfixes extension is enabled in NX. Thanks to Ulrich Sibiller! o Adapt X11 launchd socket path for recent Mac OS X versions. o Fix Xinerama on Debian/Ubuntu installation (only worked on systems that had dpkg-dev installed) and all RPM based distros. o Partly make nxcomp aware of nx-libs last seen 2020-06-05 modified 2015-03-23 plugin id 81988 published 2015-03-23 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/81988 title Fedora 22 : nx-libs-3.5.0.29-1.fc22 (2015-3953) NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2015-119.NASL description Updated x11-server packages fix security vulnerabilities : Ilja van Sprundel of IOActive discovered several security issues in the X.org X server, which may lead to privilege escalation or denial of service (CVE-2014-8091, CVE-2014-8092, CVE-2014-8093, CVE-2014-8094, CVE-2014-8095, CVE-2014-8096, CVE-2014-8097, CVE-2014-8098, CVE-2014-8099, CVE-2014-8100, CVE-2014-8101, CVE-2014-8102). Olivier Fourdan from Red Hat has discovered a protocol handling issue in the way the X server code base handles the XkbSetGeometry request, where the server trusts the client to send valid string lengths. A malicious client with string lengths exceeding the request length can cause the server to copy adjacent memory data into the XKB structs. This data is then available to the client via the XkbGetGeometry request. This can lead to information disclosure issues, as well as possibly a denial of service if a similar request can cause the server to crash (CVE-2015-0255). last seen 2020-06-01 modified 2020-06-02 plugin id 82372 published 2015-03-30 reporter This script is Copyright (C) 2015-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/82372 title Mandriva Linux Security Advisory : x11-server (MDVSA-2015:119) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2015-0797.NASL description Updated xorg-x11-server packages that fix one security issue are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. X.Org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. A buffer over-read flaw was found in the way the X.Org server handled XkbGetGeometry requests. A malicious, authorized client could use this flaw to disclose portions of the X.Org server memory, or cause the X.Org server to crash using a specially crafted XkbGetGeometry request. (CVE-2015-0255) This issue was discovered by Olivier Fourdan of Red Hat. All xorg-x11-server users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 82714 published 2015-04-13 reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/82714 title CentOS 6 / 7 : xorg-x11-server (CESA-2015:0797) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2015-0797.NASL description From Red Hat Security Advisory 2015:0797 : Updated xorg-x11-server packages that fix one security issue are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. X.Org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. A buffer over-read flaw was found in the way the X.Org server handled XkbGetGeometry requests. A malicious, authorized client could use this flaw to disclose portions of the X.Org server memory, or cause the X.Org server to crash using a specially crafted XkbGetGeometry request. (CVE-2015-0255) This issue was discovered by Olivier Fourdan of Red Hat. All xorg-x11-server users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 82690 published 2015-04-10 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/82690 title Oracle Linux 6 / 7 : xorg-x11-server (ELSA-2015-0797)
Redhat
| advisories |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| rpms |
|
References
- http://advisories.mageia.org/MGASA-2015-0073.html
- http://lists.opensuse.org/opensuse-updates/2015-02/msg00085.html
- http://lists.opensuse.org/opensuse-updates/2015-02/msg00086.html
- http://rhn.redhat.com/errata/RHSA-2015-0797.html
- http://www.debian.org/security/2015/dsa-3160
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:119
- http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
- http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html
- http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
- http://www.securityfocus.com/bid/72578
- http://www.ubuntu.com/usn/USN-2500-1
- http://www.x.org/wiki/Development/Security/Advisory-2015-02-10/
- https://security.gentoo.org/glsa/201504-06