The XOrg X11 server was updated to fix 12 security issues:
* Denial of service due to unchecked malloc in client authentication
(CVE-2014-8091).
* Integer overflows calculating memory needs for requests
(CVE-2014-8092).
* Integer overflows calculating memory needs for requests in GLX
extension (CVE-2014-8093).
* Integer overflows calculating memory needs for requests in DRI2
extension (CVE-2014-8094).
* Out of bounds access due to not validating length or offset values
in requests in XInput extension (CVE-2014-8095).
* Out of bounds access due to not validating length or offset values
in requests in XC-MISC extension (CVE-2014-8096).
* Out of bounds access due to not validating length or offset values
in requests in DBE extension (CVE-2014-8097).
* Out of bounds access due to not validating length or offset values
in requests in GLX extension (CVE-2014-8098).
* Out of bounds access due to not validating length or offset values
in requests in XVideo extension (CVE-2014-8099).
* Out of bounds access due to not validating length or offset values
in requests in Render extension (CVE-2014-8100).
* Out of bounds access due to not validating length or offset values
in requests in RandR extension (CVE-2014-8101).
* Out of bounds access due to not validating length or offset values
in requests in XFixes extension (CVE-2014-8102).
Additionally, these non-security issues were fixed:
* Fix crash in RENDER protocol, PanoramiX wrappers (bnc#864911).
* Some formats used for pictures did not work with the chosen
framebuffer format (bnc#886213).
Security Issues:
* CVE-2014-8091
<<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8091">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8091</a>>
* CVE-2014-8092
<<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8092">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8092</a>>
* CVE-2014-8093
<<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8093">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8093</a>>
* CVE-2014-8094
<<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8094">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8094</a>>
* CVE-2014-8095
<<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8095">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8095</a>>
* CVE-2014-8096
<<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8096">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8096</a>>
* CVE-2014-8097
<<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8097">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8097</a>>
* CVE-2014-8098
<<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8098">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8098</a>>
* CVE-2014-8099
<<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8099">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8099</a>>
* CVE-2014-8100
<<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8100">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8100</a>>
* CVE-2014-8101
<<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8101">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8101</a>>
* CVE-2014-8102
<<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8102">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8102</a>>