Recommended update for xorg-x11-server SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2015:1025-1 Final 1 1 2014-06-27T12:01:01Z current 2014-06-27T12:01:01Z 2014-06-27T12:01:01Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Recommended update for xorg-x11-server This collective update for xorg-x11-server provides the following fixes: * Fix a segmentation fault that can occur when X11 packets are forwarded between a client and a server with different endianess. (bnc#874903) * Free software cursor backing pixmap when transition between screens. This fixes a crash in multi screen support when an assert gets hit. (bnc#880835) * Ignore numlock in Xvnc. Following keys from VNC client will be already modulated by numlock on client side. (bnc#878446) * Fix crash when Xinerama gets disabled after RanR12 is initialized. (bnc#878433) * Prevent crash at the end of 2nd server generation when number of privates differ between 1st and 2nd. (bnc#883598) * Move Xinerama disable when only one screen is present to main loop. (bnc#883598) * Improve Xinerama command line option handling. (bnc#883598) * Work around a possible crash when object belongs to a client that no longer exists. (bnc#883516) * Try to make keyboard bell ring on all devices attached to master keyboard. (bnc#879019) * Implement DeleteInputDeviceRequest in Xvnc to avoid server crash when the Xserver restarts after a server reset. (bnc#880745). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). sdksp3-xorg-x11-Xvnc,sledsp3-xorg-x11-Xvnc,slessp3-xorg-x11-Xvnc Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2015/suse-su-20151025-1/ Link for SUSE-SU-2015:1025-1 https://lists.suse.com/pipermail/sle-security-updates/2015-June/001430.html E-Mail link for SUSE-SU-2015:1025-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/816813 SUSE Bug 816813 https://bugzilla.suse.com/843652 SUSE Bug 843652 https://bugzilla.suse.com/853846 SUSE Bug 853846 https://bugzilla.suse.com/864911 SUSE Bug 864911 https://bugzilla.suse.com/874903 SUSE Bug 874903 https://bugzilla.suse.com/878433 SUSE Bug 878433 https://bugzilla.suse.com/878446 SUSE Bug 878446 https://bugzilla.suse.com/879019 SUSE Bug 879019 https://bugzilla.suse.com/880745 SUSE Bug 880745 https://bugzilla.suse.com/880835 SUSE Bug 880835 https://bugzilla.suse.com/883051 SUSE Bug 883051 https://bugzilla.suse.com/883516 SUSE Bug 883516 https://bugzilla.suse.com/883598 SUSE Bug 883598 https://bugzilla.suse.com/886213 SUSE Bug 886213 https://bugzilla.suse.com/907268 SUSE Bug 907268 https://bugzilla.suse.com/907633 SUSE Bug 907633 https://bugzilla.suse.com/915810 SUSE Bug 915810 https://bugzilla.suse.com/928520 SUSE Bug 928520 https://www.suse.com/security/cve/CVE-2013-4396/ SUSE CVE CVE-2013-4396 page https://www.suse.com/security/cve/CVE-2013-6424/ SUSE CVE CVE-2013-6424 page https://www.suse.com/security/cve/CVE-2014-8091/ SUSE CVE CVE-2014-8091 page https://www.suse.com/security/cve/CVE-2014-8092/ SUSE CVE CVE-2014-8092 page https://www.suse.com/security/cve/CVE-2014-8093/ SUSE CVE CVE-2014-8093 page https://www.suse.com/security/cve/CVE-2014-8094/ SUSE CVE CVE-2014-8094 page https://www.suse.com/security/cve/CVE-2014-8095/ SUSE CVE CVE-2014-8095 page https://www.suse.com/security/cve/CVE-2014-8096/ SUSE CVE CVE-2014-8096 page https://www.suse.com/security/cve/CVE-2014-8097/ SUSE CVE CVE-2014-8097 page https://www.suse.com/security/cve/CVE-2014-8098/ SUSE CVE CVE-2014-8098 page https://www.suse.com/security/cve/CVE-2014-8099/ SUSE CVE CVE-2014-8099 page https://www.suse.com/security/cve/CVE-2014-8100/ SUSE CVE CVE-2014-8100 page https://www.suse.com/security/cve/CVE-2014-8101/ SUSE CVE CVE-2014-8101 page https://www.suse.com/security/cve/CVE-2014-8102/ SUSE CVE CVE-2014-8102 page https://www.suse.com/security/cve/CVE-2015-0255/ SUSE CVE CVE-2015-0255 page https://www.suse.com/security/cve/CVE-2015-3418/ SUSE CVE CVE-2015-3418 page SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP3 xorg-x11-server-sdk-7.4-27.97.1 xorg-x11-Xvnc-7.4-27.97.1 xorg-x11-server-7.4-27.97.1 xorg-x11-server-extra-7.4-27.97.1 xorg-x11-Xvnc-7.4-27.97.1 as a component of SUSE Linux Enterprise Desktop 11 SP3 xorg-x11-server-7.4-27.97.1 as a component of SUSE Linux Enterprise Desktop 11 SP3 xorg-x11-server-extra-7.4-27.97.1 as a component of SUSE Linux Enterprise Desktop 11 SP3 xorg-x11-Xvnc-7.4-27.97.1 as a component of SUSE Linux Enterprise Server 11 SP3 xorg-x11-server-7.4-27.97.1 as a component of SUSE Linux Enterprise Server 11 SP3 xorg-x11-server-extra-7.4-27.97.1 as a component of SUSE Linux Enterprise Server 11 SP3 xorg-x11-Xvnc-7.4-27.97.1 as a component of SUSE Linux Enterprise Server 11 SP3-TERADATA xorg-x11-server-7.4-27.97.1 as a component of SUSE Linux Enterprise Server 11 SP3-TERADATA xorg-x11-server-extra-7.4-27.97.1 as a component of SUSE Linux Enterprise Server 11 SP3-TERADATA xorg-x11-Xvnc-7.4-27.97.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP3 xorg-x11-server-7.4-27.97.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP3 xorg-x11-server-extra-7.4-27.97.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP3 xorg-x11-server-sdk-7.4-27.97.1 as a component of SUSE Linux Enterprise Software Development Kit 11 SP3 Use-after-free vulnerability in the doImageText function in dix/dixfonts.c in the xorg-server module before 1.14.4 in X.Org X11 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted ImageText request that triggers memory-allocation failure. CVE-2013-4396 SUSE Linux Enterprise Desktop 11 SP3:xorg-x11-Xvnc-7.4-27.97.1 SUSE Linux Enterprise Desktop 11 SP3:xorg-x11-server-7.4-27.97.1 SUSE Linux Enterprise Desktop 11 SP3:xorg-x11-server-extra-7.4-27.97.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:xorg-x11-Xvnc-7.4-27.97.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:xorg-x11-server-7.4-27.97.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:xorg-x11-server-extra-7.4-27.97.1 SUSE Linux Enterprise Server 11 SP3:xorg-x11-Xvnc-7.4-27.97.1 SUSE Linux Enterprise Server 11 SP3:xorg-x11-server-7.4-27.97.1 SUSE Linux Enterprise Server 11 SP3:xorg-x11-server-extra-7.4-27.97.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:xorg-x11-Xvnc-7.4-27.97.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:xorg-x11-server-7.4-27.97.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:xorg-x11-server-extra-7.4-27.97.1 SUSE Linux Enterprise Software Development Kit 11 SP3:xorg-x11-server-sdk-7.4-27.97.1 moderate 6.5 AV:N/AC:L/Au:S/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20151025-1/ https://www.suse.com/security/cve/CVE-2013-4396.html CVE-2013-4396 https://bugzilla.suse.com/843652 SUSE Bug 843652 Integer underflow in the xTrapezoidValid macro in render/picture.h in X.Org allows context-dependent attackers to cause a denial of service (crash) via a negative bottom value. CVE-2013-6424 SUSE Linux Enterprise Desktop 11 SP3:xorg-x11-Xvnc-7.4-27.97.1 SUSE Linux Enterprise Desktop 11 SP3:xorg-x11-server-7.4-27.97.1 SUSE Linux Enterprise Desktop 11 SP3:xorg-x11-server-extra-7.4-27.97.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:xorg-x11-Xvnc-7.4-27.97.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:xorg-x11-server-7.4-27.97.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:xorg-x11-server-extra-7.4-27.97.1 SUSE Linux Enterprise Server 11 SP3:xorg-x11-Xvnc-7.4-27.97.1 SUSE Linux Enterprise Server 11 SP3:xorg-x11-server-7.4-27.97.1 SUSE Linux Enterprise Server 11 SP3:xorg-x11-server-extra-7.4-27.97.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:xorg-x11-Xvnc-7.4-27.97.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:xorg-x11-server-7.4-27.97.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:xorg-x11-server-extra-7.4-27.97.1 SUSE Linux Enterprise Software Development Kit 11 SP3:xorg-x11-server-sdk-7.4-27.97.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20151025-1/ https://www.suse.com/security/cve/CVE-2013-6424.html CVE-2013-6424 https://bugzilla.suse.com/853846 SUSE Bug 853846 X.Org X Window System (aka X11 and X) X11R5 and X.Org Server (aka xserver and xorg-server) before 1.16.3, when using SUN-DES-1 (Secure RPC) authentication credentials, does not check the return value of a malloc call, which allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a crafted connection request. CVE-2014-8091 SUSE Linux Enterprise Desktop 11 SP3:xorg-x11-Xvnc-7.4-27.97.1 SUSE Linux Enterprise Desktop 11 SP3:xorg-x11-server-7.4-27.97.1 SUSE Linux Enterprise Desktop 11 SP3:xorg-x11-server-extra-7.4-27.97.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:xorg-x11-Xvnc-7.4-27.97.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:xorg-x11-server-7.4-27.97.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:xorg-x11-server-extra-7.4-27.97.1 SUSE Linux Enterprise Server 11 SP3:xorg-x11-Xvnc-7.4-27.97.1 SUSE Linux Enterprise Server 11 SP3:xorg-x11-server-7.4-27.97.1 SUSE Linux Enterprise Server 11 SP3:xorg-x11-server-extra-7.4-27.97.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:xorg-x11-Xvnc-7.4-27.97.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:xorg-x11-server-7.4-27.97.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:xorg-x11-server-extra-7.4-27.97.1 SUSE Linux Enterprise Software Development Kit 11 SP3:xorg-x11-server-sdk-7.4-27.97.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20151025-1/ https://www.suse.com/security/cve/CVE-2014-8091.html CVE-2014-8091 https://bugzilla.suse.com/1000496 SUSE Bug 1000496 https://bugzilla.suse.com/882226 SUSE Bug 882226 https://bugzilla.suse.com/907268 SUSE Bug 907268 Multiple integer overflows in X.Org X Window System (aka X11 or X) X11R1 and X.Org Server (aka xserver and xorg-server) before 1.16.3 allow remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via a crafted request to the (1) ProcPutImage, (2) GetHosts, (3) RegionSizeof, or (4) REQUEST_FIXED_SIZE function, which triggers an out-of-bounds read or write. CVE-2014-8092 SUSE Linux Enterprise Desktop 11 SP3:xorg-x11-Xvnc-7.4-27.97.1 SUSE Linux Enterprise Desktop 11 SP3:xorg-x11-server-7.4-27.97.1 SUSE Linux Enterprise Desktop 11 SP3:xorg-x11-server-extra-7.4-27.97.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:xorg-x11-Xvnc-7.4-27.97.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:xorg-x11-server-7.4-27.97.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:xorg-x11-server-extra-7.4-27.97.1 SUSE Linux Enterprise Server 11 SP3:xorg-x11-Xvnc-7.4-27.97.1 SUSE Linux Enterprise Server 11 SP3:xorg-x11-server-7.4-27.97.1 SUSE Linux Enterprise Server 11 SP3:xorg-x11-server-extra-7.4-27.97.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:xorg-x11-Xvnc-7.4-27.97.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:xorg-x11-server-7.4-27.97.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:xorg-x11-server-extra-7.4-27.97.1 SUSE Linux Enterprise Software Development Kit 11 SP3:xorg-x11-server-sdk-7.4-27.97.1 moderate 6.5 AV:N/AC:L/Au:S/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20151025-1/ https://www.suse.com/security/cve/CVE-2014-8092.html CVE-2014-8092 https://bugzilla.suse.com/1000496 SUSE Bug 1000496 https://bugzilla.suse.com/1146596 SUSE Bug 1146596 https://bugzilla.suse.com/907268 SUSE Bug 907268 https://bugzilla.suse.com/928520 SUSE Bug 928520 Multiple integer overflows in the GLX extension in XFree86 4.0, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allow remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via a crafted request to the (1) __glXDisp_ReadPixels, (2) __glXDispSwap_ReadPixels, (3) __glXDisp_GetTexImage, (4) __glXDispSwap_GetTexImage, (5) GetSeparableFilter, (6) GetConvolutionFilter, (7) GetHistogram, (8) GetMinmax, (9) GetColorTable, (10) __glXGetAnswerBuffer, (11) __GLX_GET_ANSWER_BUFFER, (12) __glXMap1dReqSize, (13) __glXMap1fReqSize, (14) Map2Size, (15) __glXMap2dReqSize, (16) __glXMap2fReqSize, (17) __glXImageSize, or (18) __glXSeparableFilter2DReqSize function, which triggers an out-of-bounds read or write. CVE-2014-8093 SUSE Linux Enterprise Desktop 11 SP3:xorg-x11-Xvnc-7.4-27.97.1 SUSE Linux Enterprise Desktop 11 SP3:xorg-x11-server-7.4-27.97.1 SUSE Linux Enterprise Desktop 11 SP3:xorg-x11-server-extra-7.4-27.97.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:xorg-x11-Xvnc-7.4-27.97.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:xorg-x11-server-7.4-27.97.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:xorg-x11-server-extra-7.4-27.97.1 SUSE Linux Enterprise Server 11 SP3:xorg-x11-Xvnc-7.4-27.97.1 SUSE Linux Enterprise Server 11 SP3:xorg-x11-server-7.4-27.97.1 SUSE Linux Enterprise Server 11 SP3:xorg-x11-server-extra-7.4-27.97.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:xorg-x11-Xvnc-7.4-27.97.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:xorg-x11-server-7.4-27.97.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:xorg-x11-server-extra-7.4-27.97.1 SUSE Linux Enterprise Software Development Kit 11 SP3:xorg-x11-server-sdk-7.4-27.97.1 moderate 6.5 AV:N/AC:L/Au:S/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20151025-1/ https://www.suse.com/security/cve/CVE-2014-8093.html CVE-2014-8093 https://bugzilla.suse.com/1000496 SUSE Bug 1000496 https://bugzilla.suse.com/907268 SUSE Bug 907268 Integer overflow in the ProcDRI2GetBuffers function in the DRI2 extension in X.Org Server (aka xserver and xorg-server) 1.7.0 through 1.16.x before 1.16.3 allows remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via a crafted request, which triggers an out-of-bounds read or write. CVE-2014-8094 SUSE Linux Enterprise Desktop 11 SP3:xorg-x11-Xvnc-7.4-27.97.1 SUSE Linux Enterprise Desktop 11 SP3:xorg-x11-server-7.4-27.97.1 SUSE Linux Enterprise Desktop 11 SP3:xorg-x11-server-extra-7.4-27.97.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:xorg-x11-Xvnc-7.4-27.97.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:xorg-x11-server-7.4-27.97.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:xorg-x11-server-extra-7.4-27.97.1 SUSE Linux Enterprise Server 11 SP3:xorg-x11-Xvnc-7.4-27.97.1 SUSE Linux Enterprise Server 11 SP3:xorg-x11-server-7.4-27.97.1 SUSE Linux Enterprise Server 11 SP3:xorg-x11-server-extra-7.4-27.97.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:xorg-x11-Xvnc-7.4-27.97.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:xorg-x11-server-7.4-27.97.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:xorg-x11-server-extra-7.4-27.97.1 SUSE Linux Enterprise Software Development Kit 11 SP3:xorg-x11-server-sdk-7.4-27.97.1 moderate 6.5 AV:N/AC:L/Au:S/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20151025-1/ https://www.suse.com/security/cve/CVE-2014-8094.html CVE-2014-8094 https://bugzilla.suse.com/1000496 SUSE Bug 1000496 https://bugzilla.suse.com/907268 SUSE Bug 907268 The XInput extension in X.Org X Window System (aka X11 or X) X11R4 and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) SProcXChangeDeviceControl, (2) ProcXChangeDeviceControl, (3) ProcXChangeFeedbackControl, (4) ProcXSendExtensionEvent, (5) SProcXIAllowEvents, (6) SProcXIChangeCursor, (7) ProcXIChangeHierarchy, (8) SProcXIGetClientPointer, (9) SProcXIGrabDevice, (10) SProcXIUngrabDevice, (11) ProcXIUngrabDevice, (12) SProcXIPassiveGrabDevice, (13) ProcXIPassiveGrabDevice, (14) SProcXIPassiveUngrabDevice, (15) ProcXIPassiveUngrabDevice, (16) SProcXListDeviceProperties, (17) SProcXDeleteDeviceProperty, (18) SProcXIListProperties, (19) SProcXIDeleteProperty, (20) SProcXIGetProperty, (21) SProcXIQueryDevice, (22) SProcXIQueryPointer, (23) SProcXISelectEvents, (24) SProcXISetClientPointer, (25) SProcXISetFocus, (26) SProcXIGetFocus, or (27) SProcXIWarpPointer function. CVE-2014-8095 SUSE Linux Enterprise Desktop 11 SP3:xorg-x11-Xvnc-7.4-27.97.1 SUSE Linux Enterprise Desktop 11 SP3:xorg-x11-server-7.4-27.97.1 SUSE Linux Enterprise Desktop 11 SP3:xorg-x11-server-extra-7.4-27.97.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:xorg-x11-Xvnc-7.4-27.97.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:xorg-x11-server-7.4-27.97.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:xorg-x11-server-extra-7.4-27.97.1 SUSE Linux Enterprise Server 11 SP3:xorg-x11-Xvnc-7.4-27.97.1 SUSE Linux Enterprise Server 11 SP3:xorg-x11-server-7.4-27.97.1 SUSE Linux Enterprise Server 11 SP3:xorg-x11-server-extra-7.4-27.97.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:xorg-x11-Xvnc-7.4-27.97.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:xorg-x11-server-7.4-27.97.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:xorg-x11-server-extra-7.4-27.97.1 SUSE Linux Enterprise Software Development Kit 11 SP3:xorg-x11-server-sdk-7.4-27.97.1 moderate 6.5 AV:N/AC:L/Au:S/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20151025-1/ https://www.suse.com/security/cve/CVE-2014-8095.html CVE-2014-8095 https://bugzilla.suse.com/1000496 SUSE Bug 1000496 https://bugzilla.suse.com/907268 SUSE Bug 907268 The SProcXCMiscGetXIDList function in the XC-MISC extension in X.Org X Window System (aka X11 or X) X11R6.0 and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value. CVE-2014-8096 SUSE Linux Enterprise Desktop 11 SP3:xorg-x11-Xvnc-7.4-27.97.1 SUSE Linux Enterprise Desktop 11 SP3:xorg-x11-server-7.4-27.97.1 SUSE Linux Enterprise Desktop 11 SP3:xorg-x11-server-extra-7.4-27.97.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:xorg-x11-Xvnc-7.4-27.97.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:xorg-x11-server-7.4-27.97.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:xorg-x11-server-extra-7.4-27.97.1 SUSE Linux Enterprise Server 11 SP3:xorg-x11-Xvnc-7.4-27.97.1 SUSE Linux Enterprise Server 11 SP3:xorg-x11-server-7.4-27.97.1 SUSE Linux Enterprise Server 11 SP3:xorg-x11-server-extra-7.4-27.97.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:xorg-x11-Xvnc-7.4-27.97.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:xorg-x11-server-7.4-27.97.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:xorg-x11-server-extra-7.4-27.97.1 SUSE Linux Enterprise Software Development Kit 11 SP3:xorg-x11-server-sdk-7.4-27.97.1 moderate 6.5 AV:N/AC:L/Au:S/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20151025-1/ https://www.suse.com/security/cve/CVE-2014-8096.html CVE-2014-8096 https://bugzilla.suse.com/1000496 SUSE Bug 1000496 https://bugzilla.suse.com/907268 SUSE Bug 907268 The DBE extension in X.Org X Window System (aka X11 or X) X11R6.1 and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) ProcDbeSwapBuffers or (2) SProcDbeSwapBuffers function. CVE-2014-8097 SUSE Linux Enterprise Desktop 11 SP3:xorg-x11-Xvnc-7.4-27.97.1 SUSE Linux Enterprise Desktop 11 SP3:xorg-x11-server-7.4-27.97.1 SUSE Linux Enterprise Desktop 11 SP3:xorg-x11-server-extra-7.4-27.97.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:xorg-x11-Xvnc-7.4-27.97.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:xorg-x11-server-7.4-27.97.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:xorg-x11-server-extra-7.4-27.97.1 SUSE Linux Enterprise Server 11 SP3:xorg-x11-Xvnc-7.4-27.97.1 SUSE Linux Enterprise Server 11 SP3:xorg-x11-server-7.4-27.97.1 SUSE Linux Enterprise Server 11 SP3:xorg-x11-server-extra-7.4-27.97.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:xorg-x11-Xvnc-7.4-27.97.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:xorg-x11-server-7.4-27.97.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:xorg-x11-server-extra-7.4-27.97.1 SUSE Linux Enterprise Software Development Kit 11 SP3:xorg-x11-server-sdk-7.4-27.97.1 moderate 6.5 AV:N/AC:L/Au:S/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20151025-1/ https://www.suse.com/security/cve/CVE-2014-8097.html CVE-2014-8097 https://bugzilla.suse.com/1000496 SUSE Bug 1000496 https://bugzilla.suse.com/907268 SUSE Bug 907268 The GLX extension in XFree86 4.0, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) __glXDisp_Render, (2) __glXDisp_RenderLarge, (3) __glXDispSwap_VendorPrivate, (4) __glXDispSwap_VendorPrivateWithReply, (5) set_client_info, (6) __glXDispSwap_SetClientInfoARB, (7) DoSwapInterval, (8) DoGetProgramString, (9) DoGetString, (10) __glXDispSwap_RenderMode, (11) __glXDisp_GetCompressedTexImage, (12) __glXDispSwap_GetCompressedTexImage, (13) __glXDisp_FeedbackBuffer, (14) __glXDispSwap_FeedbackBuffer, (15) __glXDisp_SelectBuffer, (16) __glXDispSwap_SelectBuffer, (17) __glXDisp_Flush, (18) __glXDispSwap_Flush, (19) __glXDisp_Finish, (20) __glXDispSwap_Finish, (21) __glXDisp_ReadPixels, (22) __glXDispSwap_ReadPixels, (23) __glXDisp_GetTexImage, (24) __glXDispSwap_GetTexImage, (25) __glXDisp_GetPolygonStipple, (26) __glXDispSwap_GetPolygonStipple, (27) __glXDisp_GetSeparableFilter, (28) __glXDisp_GetSeparableFilterEXT, (29) __glXDisp_GetConvolutionFilter, (30) __glXDisp_GetConvolutionFilterEXT, (31) __glXDisp_GetHistogram, (32) __glXDisp_GetHistogramEXT, (33) __glXDisp_GetMinmax, (34) __glXDisp_GetMinmaxEXT, (35) __glXDisp_GetColorTable, (36) __glXDisp_GetColorTableSGI, (37) GetSeparableFilter, (38) GetConvolutionFilter, (39) GetHistogram, (40) GetMinmax, or (41) GetColorTable function. CVE-2014-8098 SUSE Linux Enterprise Desktop 11 SP3:xorg-x11-Xvnc-7.4-27.97.1 SUSE Linux Enterprise Desktop 11 SP3:xorg-x11-server-7.4-27.97.1 SUSE Linux Enterprise Desktop 11 SP3:xorg-x11-server-extra-7.4-27.97.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:xorg-x11-Xvnc-7.4-27.97.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:xorg-x11-server-7.4-27.97.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:xorg-x11-server-extra-7.4-27.97.1 SUSE Linux Enterprise Server 11 SP3:xorg-x11-Xvnc-7.4-27.97.1 SUSE Linux Enterprise Server 11 SP3:xorg-x11-server-7.4-27.97.1 SUSE Linux Enterprise Server 11 SP3:xorg-x11-server-extra-7.4-27.97.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:xorg-x11-Xvnc-7.4-27.97.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:xorg-x11-server-7.4-27.97.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:xorg-x11-server-extra-7.4-27.97.1 SUSE Linux Enterprise Software Development Kit 11 SP3:xorg-x11-server-sdk-7.4-27.97.1 moderate 6.5 AV:N/AC:L/Au:S/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20151025-1/ https://www.suse.com/security/cve/CVE-2014-8098.html CVE-2014-8098 https://bugzilla.suse.com/1000496 SUSE Bug 1000496 https://bugzilla.suse.com/907268 SUSE Bug 907268 The XVideo extension in XFree86 4.0.0, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) SProcXvQueryExtension, (2) SProcXvQueryAdaptors, (3) SProcXvQueryEncodings, (4) SProcXvGrabPort, (5) SProcXvUngrabPort, (6) SProcXvPutVideo, (7) SProcXvPutStill, (8) SProcXvGetVideo, (9) SProcXvGetStill, (10) SProcXvPutImage, (11) SProcXvShmPutImage, (12) SProcXvSelectVideoNotify, (13) SProcXvSelectPortNotify, (14) SProcXvStopVideo, (15) SProcXvSetPortAttribute, (16) SProcXvGetPortAttribute, (17) SProcXvQueryBestSize, (18) SProcXvQueryPortAttributes, (19) SProcXvQueryImageAttributes, or (20) SProcXvListImageFormats function. CVE-2014-8099 SUSE Linux Enterprise Desktop 11 SP3:xorg-x11-Xvnc-7.4-27.97.1 SUSE Linux Enterprise Desktop 11 SP3:xorg-x11-server-7.4-27.97.1 SUSE Linux Enterprise Desktop 11 SP3:xorg-x11-server-extra-7.4-27.97.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:xorg-x11-Xvnc-7.4-27.97.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:xorg-x11-server-7.4-27.97.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:xorg-x11-server-extra-7.4-27.97.1 SUSE Linux Enterprise Server 11 SP3:xorg-x11-Xvnc-7.4-27.97.1 SUSE Linux Enterprise Server 11 SP3:xorg-x11-server-7.4-27.97.1 SUSE Linux Enterprise Server 11 SP3:xorg-x11-server-extra-7.4-27.97.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:xorg-x11-Xvnc-7.4-27.97.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:xorg-x11-server-7.4-27.97.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:xorg-x11-server-extra-7.4-27.97.1 SUSE Linux Enterprise Software Development Kit 11 SP3:xorg-x11-server-sdk-7.4-27.97.1 moderate 6.5 AV:N/AC:L/Au:S/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20151025-1/ https://www.suse.com/security/cve/CVE-2014-8099.html CVE-2014-8099 https://bugzilla.suse.com/1000496 SUSE Bug 1000496 https://bugzilla.suse.com/907268 SUSE Bug 907268 The Render extension in XFree86 4.0.1, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) ProcRenderQueryVersion, (2) SProcRenderQueryVersion, (3) SProcRenderQueryPictFormats, (4) SProcRenderQueryPictIndexValues, (5) SProcRenderCreatePicture, (6) SProcRenderChangePicture, (7) SProcRenderSetPictureClipRectangles, (8) SProcRenderFreePicture, (9) SProcRenderComposite, (10) SProcRenderScale, (11) SProcRenderCreateGlyphSet, (12) SProcRenderReferenceGlyphSet, (13) SProcRenderFreeGlyphSet, (14) SProcRenderFreeGlyphs, or (15) SProcRenderCompositeGlyphs function. CVE-2014-8100 SUSE Linux Enterprise Desktop 11 SP3:xorg-x11-Xvnc-7.4-27.97.1 SUSE Linux Enterprise Desktop 11 SP3:xorg-x11-server-7.4-27.97.1 SUSE Linux Enterprise Desktop 11 SP3:xorg-x11-server-extra-7.4-27.97.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:xorg-x11-Xvnc-7.4-27.97.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:xorg-x11-server-7.4-27.97.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:xorg-x11-server-extra-7.4-27.97.1 SUSE Linux Enterprise Server 11 SP3:xorg-x11-Xvnc-7.4-27.97.1 SUSE Linux Enterprise Server 11 SP3:xorg-x11-server-7.4-27.97.1 SUSE Linux Enterprise Server 11 SP3:xorg-x11-server-extra-7.4-27.97.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:xorg-x11-Xvnc-7.4-27.97.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:xorg-x11-server-7.4-27.97.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:xorg-x11-server-extra-7.4-27.97.1 SUSE Linux Enterprise Software Development Kit 11 SP3:xorg-x11-server-sdk-7.4-27.97.1 moderate 6.5 AV:N/AC:L/Au:S/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20151025-1/ https://www.suse.com/security/cve/CVE-2014-8100.html CVE-2014-8100 https://bugzilla.suse.com/1000496 SUSE Bug 1000496 https://bugzilla.suse.com/907268 SUSE Bug 907268 The RandR extension in XFree86 4.2.0, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) SProcRRQueryVersion, (2) SProcRRGetScreenInfo, (3) SProcRRSelectInput, or (4) SProcRRConfigureOutputProperty function. CVE-2014-8101 SUSE Linux Enterprise Desktop 11 SP3:xorg-x11-Xvnc-7.4-27.97.1 SUSE Linux Enterprise Desktop 11 SP3:xorg-x11-server-7.4-27.97.1 SUSE Linux Enterprise Desktop 11 SP3:xorg-x11-server-extra-7.4-27.97.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:xorg-x11-Xvnc-7.4-27.97.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:xorg-x11-server-7.4-27.97.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:xorg-x11-server-extra-7.4-27.97.1 SUSE Linux Enterprise Server 11 SP3:xorg-x11-Xvnc-7.4-27.97.1 SUSE Linux Enterprise Server 11 SP3:xorg-x11-server-7.4-27.97.1 SUSE Linux Enterprise Server 11 SP3:xorg-x11-server-extra-7.4-27.97.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:xorg-x11-Xvnc-7.4-27.97.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:xorg-x11-server-7.4-27.97.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:xorg-x11-server-extra-7.4-27.97.1 SUSE Linux Enterprise Software Development Kit 11 SP3:xorg-x11-server-sdk-7.4-27.97.1 moderate 6.5 AV:N/AC:L/Au:S/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20151025-1/ https://www.suse.com/security/cve/CVE-2014-8101.html CVE-2014-8101 https://bugzilla.suse.com/1000496 SUSE Bug 1000496 https://bugzilla.suse.com/907268 SUSE Bug 907268 The SProcXFixesSelectSelectionInput function in the XFixes extension in X.Org X Window System (aka X11 or X) X11R6.8.0 and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length value. CVE-2014-8102 SUSE Linux Enterprise Desktop 11 SP3:xorg-x11-Xvnc-7.4-27.97.1 SUSE Linux Enterprise Desktop 11 SP3:xorg-x11-server-7.4-27.97.1 SUSE Linux Enterprise Desktop 11 SP3:xorg-x11-server-extra-7.4-27.97.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:xorg-x11-Xvnc-7.4-27.97.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:xorg-x11-server-7.4-27.97.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:xorg-x11-server-extra-7.4-27.97.1 SUSE Linux Enterprise Server 11 SP3:xorg-x11-Xvnc-7.4-27.97.1 SUSE Linux Enterprise Server 11 SP3:xorg-x11-server-7.4-27.97.1 SUSE Linux Enterprise Server 11 SP3:xorg-x11-server-extra-7.4-27.97.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:xorg-x11-Xvnc-7.4-27.97.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:xorg-x11-server-7.4-27.97.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:xorg-x11-server-extra-7.4-27.97.1 SUSE Linux Enterprise Software Development Kit 11 SP3:xorg-x11-server-sdk-7.4-27.97.1 moderate 6.5 AV:N/AC:L/Au:S/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20151025-1/ https://www.suse.com/security/cve/CVE-2014-8102.html CVE-2014-8102 https://bugzilla.suse.com/1000496 SUSE Bug 1000496 https://bugzilla.suse.com/907268 SUSE Bug 907268 X.Org Server (aka xserver and xorg-server) before 1.16.3 and 1.17.x before 1.17.1 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (crash) via a crafted string length value in a XkbSetGeometry request. CVE-2015-0255 SUSE Linux Enterprise Desktop 11 SP3:xorg-x11-Xvnc-7.4-27.97.1 SUSE Linux Enterprise Desktop 11 SP3:xorg-x11-server-7.4-27.97.1 SUSE Linux Enterprise Desktop 11 SP3:xorg-x11-server-extra-7.4-27.97.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:xorg-x11-Xvnc-7.4-27.97.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:xorg-x11-server-7.4-27.97.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:xorg-x11-server-extra-7.4-27.97.1 SUSE Linux Enterprise Server 11 SP3:xorg-x11-Xvnc-7.4-27.97.1 SUSE Linux Enterprise Server 11 SP3:xorg-x11-server-7.4-27.97.1 SUSE Linux Enterprise Server 11 SP3:xorg-x11-server-extra-7.4-27.97.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:xorg-x11-Xvnc-7.4-27.97.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:xorg-x11-server-7.4-27.97.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:xorg-x11-server-extra-7.4-27.97.1 SUSE Linux Enterprise Software Development Kit 11 SP3:xorg-x11-server-sdk-7.4-27.97.1 moderate 6.4 AV:N/AC:L/Au:N/C:P/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20151025-1/ https://www.suse.com/security/cve/CVE-2015-0255.html CVE-2015-0255 https://bugzilla.suse.com/915810 SUSE Bug 915810 The ProcPutImage function in dix/dispatch.c in X.Org Server (aka xserver and xorg-server) before 1.16.4 allows attackers to cause a denial of service (divide-by-zero and crash) via a zero-height PutImage request. CVE-2015-3418 SUSE Linux Enterprise Desktop 11 SP3:xorg-x11-Xvnc-7.4-27.97.1 SUSE Linux Enterprise Desktop 11 SP3:xorg-x11-server-7.4-27.97.1 SUSE Linux Enterprise Desktop 11 SP3:xorg-x11-server-extra-7.4-27.97.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:xorg-x11-Xvnc-7.4-27.97.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:xorg-x11-server-7.4-27.97.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:xorg-x11-server-extra-7.4-27.97.1 SUSE Linux Enterprise Server 11 SP3:xorg-x11-Xvnc-7.4-27.97.1 SUSE Linux Enterprise Server 11 SP3:xorg-x11-server-7.4-27.97.1 SUSE Linux Enterprise Server 11 SP3:xorg-x11-server-extra-7.4-27.97.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:xorg-x11-Xvnc-7.4-27.97.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:xorg-x11-server-7.4-27.97.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:xorg-x11-server-extra-7.4-27.97.1 SUSE Linux Enterprise Software Development Kit 11 SP3:xorg-x11-server-sdk-7.4-27.97.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20151025-1/ https://www.suse.com/security/cve/CVE-2015-3418.html CVE-2015-3418 https://bugzilla.suse.com/1000496 SUSE Bug 1000496 https://bugzilla.suse.com/928520 SUSE Bug 928520