Bug 1146596 - (CVE-2014-8092) VUL-0: CVE-2014-8092: xorg-x11-server: integer overflow in X11 core protocol requests when calculating memory needs for requests
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P5 - None
Severity: Major
Assigned To: E-mail List
Security Team bot
https://smash.suse.de/issue/240296/
Reported: 2019-08-21 09:59 UTC by Wolfgang Frisch
Modified: 2019-08-21 10:00 UTC (History)
Found By: Security Response Team
Description Wolfgang Frisch 2019-08-21 09:59:15 UTC
CVE-2014-8092

ProcPutImage(), GetHosts(), RegionSizeof(), REQUEST_FIXED_SIZE() calls do not
check that their calculations for how much memory is needed to handle the
client's request have not overflowed, so can result in out of bounds reads
or writes.  These calls all occur only after a client has successfully
authenticated itself.

Introduced in X11R1 (1987).

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1168684
https://bugzilla.redhat.com/show_bug.cgi?id=1216020
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8092
https://rhn.redhat.com/errata/RHSA-2014-1982.html
https://rhn.redhat.com/errata/RHSA-2014-1983.html
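
The class of unchecked size calculation named in the description, shown as an added example that is not part of the original report and is not the X.Org source: a simplified model of a request-length check in its unchecked and checked forms. The names `length_ok_unchecked`, `length_ok_checked` and `HDR_WORDS`, and all values, are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define HDR_WORDS 6u  /* constructed: fixed request header, in 4-byte words */

/* Unchecked form: the 32-bit product can wrap modulo 2^32, so the computed
 * payload size no longer reflects the dimensions the client supplied and
 * can still equal a small declared request length. Returns 1 if accepted. */
static int length_ok_unchecked(uint32_t row_bytes, uint32_t height,
                               uint32_t req_len_words)
{
    uint32_t payload = row_bytes * height;            /* may wrap */
    return ((payload + 3u) >> 2) + HDR_WORDS == req_len_words;
}

/* Checked form: reject any product that cannot be represented before it is
 * compared against the declared length, then compute in 64 bits. */
static int length_ok_checked(uint32_t row_bytes, uint32_t height,
                             uint32_t req_len_words)
{
    if (height != 0 && row_bytes >= (uint32_t)INT32_MAX / height)
        return 0;                                     /* would overflow */
    uint64_t payload = (uint64_t)row_bytes * height;
    return ((payload + 3u) >> 2) + HDR_WORDS == req_len_words;
}

int main(void)
{
    /* Constructed inputs: a consistent request, then one whose product
     * wraps to 0 so that a header-only length appears to match. */
    struct { uint32_t row, h, len; } cases[] = {
        { 64u,      4u,       70u },   /* 256 payload bytes + header */
        { 0x10000u, 0x10000u, 6u  },   /* 2^32 bytes wraps to 0      */
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
        printf("row=%u height=%u len=%u unchecked=%d checked=%d\n",
               (unsigned)cases[i].row, (unsigned)cases[i].h,
               (unsigned)cases[i].len,
               length_ok_unchecked(cases[i].row, cases[i].h, cases[i].len),
               length_ok_checked(cases[i].row, cases[i].h, cases[i].len));
    return 0;
}
```
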
Comment 1 Wolfgang Frisch 2019-08-21 10:00:24 UTC
Already fixed with a patch:
SUSE:SLE-11-SP1:Update
SUSE:SLE-11-SP3:Update

Already fixed in the source:
SUSE:SLE-12-SP1:Update
SUSE:SLE-12-SP2:Update
SUSE:SLE-12-SP4:Update
SUSE:SLE-15-SP1:Update
SUSE:SLE-15:Update