Bug 15265

Summary: x11-server new security issue CVE-2015-0255
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: normal    
Priority: Normal CC: lewyssmith, olchal, sysadmin-bugs
Version: 4Keywords: validated_update
Target Milestone: ---   
Hardware: i586   
OS: Linux   
URL: http://lwn.net/Vulnerabilities/633088/
Whiteboard: advisory MGA4-32-OK mga4-64-ok
Source RPM: x11-server-1.14.5-2.1.mga4.src.rpm CVE:
Status comment:

Description David Walser 2015-02-11 18:35:32 CET 
Upstream has issued an advisory on February 10:
http://lists.freedesktop.org/archives/xorg/2015-February/057158.html

Patched packages uploaded for Mageia 4 and Cauldron.

Advisory:
========================

Updated x11-server packages fix security vulnerability:

Olivier Fourdan from Red Hat has discovered a protocol handling issue in
the way the X server code base handles the XkbSetGeometry request, where
the server trusts the client to send valid string lengths. A malicious
client with string lengths exceeding the request length can cause the server
to copy adjacent memory data into the XKB structs. This data is then
available to the client via the XkbGetGeometry request. This can lead to
information disclosure issues, as well as possibly a denial of service if a
similar request can cause the server to crash (CVE-2015-0255).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0255
http://www.x.org/wiki/Development/Security/Advisory-2015-02-10/
========================

Updated packages in core/updates_testing:
========================
x11-server-1.14.5-2.3.mga4
x11-server-devel-1.14.5-2.3.mga4
x11-server-common-1.14.5-2.3.mga4
x11-server-xorg-1.14.5-2.3.mga4
x11-server-xdmx-1.14.5-2.3.mga4
x11-server-xnest-1.14.5-2.3.mga4
x11-server-xvfb-1.14.5-2.3.mga4
x11-server-xephyr-1.14.5-2.3.mga4
x11-server-xfake-1.14.5-2.3.mga4
x11-server-xfbdev-1.14.5-2.3.mga4
x11-server-source-1.14.5-2.3.mga4

from x11-server-1.14.5-2.3.mga4.src.rpm

Reproducible: 

Steps to Reproduce:
Comment 1 David Walser 2015-02-11 23:31:29 CET 
X Server working fine for me on Mageia 4 i586.

Whiteboard: (none) => MGA4-32-OK

Comment 2 David Walser 2015-02-12 16:20:39 CET 
Debian has issued an advisory for this on February 11:
https://www.debian.org/security/2015/dsa-3160

Let's use their more concise description.

Advisory:
========================

Updated x11-server packages fix security vulnerability:

Olivier Fourdan discovered that missing input validation in the Xserver's
handling of XkbSetGeometry requests may result in an information leak or
denial of service (CVE-2015-0255).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0255
http://www.x.org/wiki/Development/Security/Advisory-2015-02-10/
https://www.debian.org/security/2015/dsa-3160

URL: (none) => http://lwn.net/Vulnerabilities/633088/

Comment 3 claire robinson 2015-02-13 13:27:15 CET 
Performed two installations one x86_64 and one i586 with kernel, 3 x nvidia, fglrx, broadcom-wl, vbox, xtables-addons and also glibc, dbus, x11 and cups at the same time. 

All Ok

Whiteboard: MGA4-32-OK => MGA4-32-OK mga4-64-ok

Comment 4 claire robinson 2015-02-13 19:12:15 CET 
Advisory uploaded.

Whiteboard: MGA4-32-OK mga4-64-ok => advisory MGA4-32-OK mga4-64-ok

Comment 5 olivier charles 2015-02-14 12:12:51 CET 
Testing on Mageia4x32 real hardware (intel core i3, 8 Series/C220 Series Chipset, nvidia GTX750)

- x11-server-xorg-1.14.5-2.3.mga4.i586


with latest testing kernel-desktop, glibc and dbus

OK

CC: (none) => olchal

Comment 6 Lewis Smith 2015-02-14 22:31:43 CET 
Testing MGA4 x64 real hardware

Installed this update alongside concurrent desktop kernel, dbus & glibc updates. No display or keyboard problems noticed.

CC: (none) => lewyssmith

Comment 7 claire robinson 2015-02-17 18:10:40 CET 
Validating.

Please push to 4 updates

Thanks

Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs

Comment 8 Mageia Robot 2015-02-17 19:39:01 CET 
An update for this issue has been pushed to Mageia Updates repository.

http://advisories.mageia.org/MGASA-2015-0073.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED