Gentoo Linux Security Advisory 201504-6 - Multiple vulnerabilities have been found in X.Org X Server, allowing attackers to execute arbitrary code or cause a Denial of Service condition. Versions less than 1.12.4-r4 are affected.
02bfcf82733cc51a9e7242f086fd8e7f523654b1b9c474a9238aec3001352a0f
Red Hat Security Advisory 2015-0797-01 - X.Org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. A buffer over-read flaw was found in the way the X.Org server handled XkbGetGeometry requests. A malicious, authorized client could use this flaw to disclose portions of the X.Org server memory, or cause the X.Org server to crash using a specially crafted XkbGetGeometry request. This issue was discovered by Olivier Fourdan of Red Hat.
7ac8b7aced2419a0badae538306c5cb9ccc87d8ef506ce63553f43b2bca66baf
Mandriva Linux Security Advisory 2015-119 - Ilja van Sprundel of IOActive discovered several security issues in the X.Org X server, which may lead to privilege escalation or denial of service. Olivier Fourdan from Red Hat has discovered a protocol handling issue in the way the X server code base handles the XkbSetGeometry request, where the server trusts the client to send valid string lengths. A malicious client that sends string lengths exceeding the request length can cause the server to copy adjacent memory data into the XKB structs. This data is then available to the client via the XkbGetGeometry request. This can lead to information disclosure issues, as well as possibly a denial of service if a similar request can cause the server to crash.
9a99ccedd34c67a048ace0a5867356eb6858bcbd1dc024890093acb3993ef4e1
Ubuntu Security Notice 2500-1 - Olivier Fourdan discovered that the X.Org X server incorrectly handled XkbSetGeometry requests, resulting in an information leak. An attacker able to connect to an X server, either locally or remotely, could use this issue to possibly obtain sensitive information. It was discovered that the X.Org X server incorrectly handled certain trapezoids. An attacker able to connect to an X server, either locally or remotely, could use this issue to possibly crash the server. This issue only affected Ubuntu 12.04 LTS. Various other issues were also addressed.
fe374163e95255581fae4cb946e899828286ba84ef6853a6cf93f337dfe7c699
Debian Linux Security Advisory 3160-1 - Olivier Fourdan discovered that missing input validation in the Xserver's handling of XkbSetGeometry requests may result in an information leak or denial of service.
a8c6a3b27aaa3ff3ec4661dad807a413a2b37a89aa34950221b7a1e87856681f