Security update for xorg-x11-server SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2015:0402-1 Final 1 1 2015-02-10T08:46:59Z current 2015-02-10T08:46:59Z 2015-02-10T08:46:59Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for xorg-x11-server xorg-x11-server was updated to fix one security issue. This security issue was fixed: - CVE-2015-0255: Check string lenghts in XkbSetGeometry request (bnc#915810) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-SLE-DESKTOP-12-2015-102,SUSE-SLE-SDK-12-2015-102,SUSE-SLE-SERVER-12-2015-102 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2015/suse-su-20150402-1/ Link for SUSE-SU-2015:0402-1 https://lists.suse.com/pipermail/sle-security-updates/2015-February/001258.html E-Mail link for SUSE-SU-2015:0402-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/915810 SUSE Bug 915810 https://www.suse.com/security/cve/CVE-2015-0255/ SUSE CVE CVE-2015-0255 page SUSE Linux Enterprise Desktop 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server for SAP Applications 12 SUSE Linux Enterprise Software Development Kit 12 xorg-x11-server-7.6_1.15.2-21.1 xorg-x11-server-extra-7.6_1.15.2-21.1 xorg-x11-server-sdk-7.6_1.15.2-21.1 xorg-x11-server-7.6_1.15.2-21.1 as a component of SUSE Linux Enterprise Desktop 12 xorg-x11-server-extra-7.6_1.15.2-21.1 as a component of SUSE Linux Enterprise Desktop 12 xorg-x11-server-7.6_1.15.2-21.1 as a component of SUSE Linux Enterprise Server 12 xorg-x11-server-extra-7.6_1.15.2-21.1 as a component of SUSE Linux Enterprise Server 12 xorg-x11-server-7.6_1.15.2-21.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 xorg-x11-server-extra-7.6_1.15.2-21.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 xorg-x11-server-sdk-7.6_1.15.2-21.1 as a component of SUSE Linux Enterprise Software Development Kit 12 X.Org Server (aka xserver and xorg-server) before 1.16.3 and 1.17.x before 1.17.1 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (crash) via a crafted string length value in a XkbSetGeometry request. CVE-2015-0255 SUSE Linux Enterprise Desktop 12:xorg-x11-server-7.6_1.15.2-21.1 SUSE Linux Enterprise Desktop 12:xorg-x11-server-extra-7.6_1.15.2-21.1 SUSE Linux Enterprise Server 12:xorg-x11-server-7.6_1.15.2-21.1 SUSE Linux Enterprise Server 12:xorg-x11-server-extra-7.6_1.15.2-21.1 SUSE Linux Enterprise Server for SAP Applications 12:xorg-x11-server-7.6_1.15.2-21.1 SUSE Linux Enterprise Server for SAP Applications 12:xorg-x11-server-extra-7.6_1.15.2-21.1 SUSE Linux Enterprise Software Development Kit 12:xorg-x11-server-sdk-7.6_1.15.2-21.1 moderate 6.4 AV:N/AC:L/Au:N/C:P/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150402-1/ https://www.suse.com/security/cve/CVE-2015-0255.html CVE-2015-0255 https://bugzilla.suse.com/915810 SUSE Bug 915810