6.4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:N/A:P
4.5 Medium
AI Score
Confidence
High
0.079 Low
EPSS
Percentile
94.3%
Package : xorg-server
Version : 2:1.7.7-18+deb6u2
CVE ID : CVE-2015-0255
Olivier Fourdan discovered that missing input validation in the Xserver's
handling of XkbSetGeometry requests may result in an information leak or
denial of service.
This upload to Debian squeeze-lts fixes the issue by not swapping
XkbSetGeometry data in the input buffer any more and checking strings'
length against request size.
–
mike gabriel aka sunweaver (Debian Developer)
fon: +49 (1520) 1976 148
GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31
mail: [email protected], http://sunweavers.net
Attachment:
signature.asc
Description: Digital signature
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 7 | mipsel | xserver-xorg-core | < 2:1.12.4-6+deb7u6 | xserver-xorg-core_2:1.12.4-6+deb7u6_mipsel.deb |
Debian | 7 | mipsel | xserver-xorg-core-udeb | < 2:1.12.4-6+deb7u6 | xserver-xorg-core-udeb_2:1.12.4-6+deb7u6_mipsel.deb |
Debian | 7 | sparc | xserver-xorg-core | < 2:1.12.4-6+deb7u6 | xserver-xorg-core_2:1.12.4-6+deb7u6_sparc.deb |
Debian | 6 | amd64 | xvfb | < 2:1.7.7-18+deb6u2 | xvfb_2:1.7.7-18+deb6u2_amd64.deb |
Debian | 7 | kfreebsd-amd64 | xserver-xephyr | < 2:1.12.4-6+deb7u6 | xserver-xephyr_2:1.12.4-6+deb7u6_kfreebsd-amd64.deb |
Debian | 7 | mipsel | xnest | < 2:1.12.4-6+deb7u6 | xnest_2:1.12.4-6+deb7u6_mipsel.deb |
Debian | 7 | armel | xnest | < 2:1.12.4-6+deb7u6 | xnest_2:1.12.4-6+deb7u6_armel.deb |
Debian | 7 | ia64 | xvfb | < 2:1.12.4-6+deb7u6 | xvfb_2:1.12.4-6+deb7u6_ia64.deb |
Debian | 7 | kfreebsd-i386 | xnest | < 2:1.12.4-6+deb7u6 | xnest_2:1.12.4-6+deb7u6_kfreebsd-i386.deb |
Debian | 7 | amd64 | xserver-xorg-dev | < 2:1.12.4-6+deb7u6 | xserver-xorg-dev_2:1.12.4-6+deb7u6_amd64.deb |