Bug 1146596 (CVE-2014-8092)

Summary: VUL-0: CVE-2014-8092: xorg-x11-server: integer overflow in X11 core protocol requests when calculating memory needs for requests
Product: [Novell Products] SUSE Security Incidents Reporter: Wolfgang Frisch <wolfgang.frisch>
Component: IncidentsAssignee: E-mail List <xorg-enterprise-bugs>
Status: RESOLVED FIXED QA Contact: Security Team bot <security-team>
Severity: Major    
Priority: P5 - None CC: smash_bz
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
URL: https://smash.suse.de/issue/240296/
Whiteboard:
Found By: Security Response Team Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Wolfgang Frisch 2019-08-21 09:59:15 UTC
CVE-2014-8092

ProcPutImage(), GetHosts(), RegionSizeof(), REQUEST_FIXED_SIZE() calls do not check that their calculations for how much memory
is needed to handle the client's request have not overflowed, so can
result in out of bounds reads or writes.  These calls all occur only
after a client has successfully authenticated itself.

Introduced in X11R1 (1987).

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1168684
https://bugzilla.redhat.com/show_bug.cgi?id=1216020
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8092
https://rhn.redhat.com/errata/RHSA-2014-1982.html
https://rhn.redhat.com/errata/RHSA-2014-1983.html
Comment 1 Wolfgang Frisch 2019-08-21 10:00:24 UTC
Already fixed with a patch:
SUSE:SLE-11-SP1:Update
SUSE:SLE-11-SP3:Update

Already fixed in the source:
SUSE:SLE-12-SP1:Update
SUSE:SLE-12-SP2:Update
SUSE:SLE-12-SP4:Update
SUSE:SLE-15-SP1:Update
SUSE:SLE-15:Update