Updated xorg-x11-server packages that fix multiple security issues are nowavailable for Red Hat Enterprise Linux 5.Red Hat Product Security has rated this update as having Important securityimpact. Common Vulnerability Scoring System (CVSS) base scores, which givedetailed severity ratings, are available for each vulnerability from theCVE links in the References section.

X.Org is an open source implementation of the X Window System. It providesthe basic low-level functionality that full-fledged graphical userinterfaces are designed upon.Multiple integer overflow flaws and out-of-bounds write flaws were found inthe way the X.Org server calculated memory requirements for certain X11core protocol and GLX extension requests. A malicious, authenticated clientcould use either of these flaws to crash the X.Org server or, potentially,execute arbitrary code with root privileges. (CVE-2014-8092, CVE-2014-8093,CVE-2014-8098)It was found that the X.Org server did not properly handle SUN-DES-1(Secure RPC) authentication credentials. A malicious, unauthenticatedclient could use this flaw to crash the X.Org server by submitting aspecially crafted authentication request. (CVE-2014-8091)Multiple out-of-bounds access flaws were found in the way the X.Org servercalculated memory requirements for certain requests. A malicious,authenticated client could use either of these flaws to crash the X.Orgserver, or leak memory contents to the client. (CVE-2014-8097)Multiple out-of-bounds access flaws were found in the way the X.Org servercalculated memory requirements for certain requests. A malicious,authenticated client could use either of these flaws to crash the X.Orgserver. (CVE-2014-8095, CVE-2014-8096, CVE-2014-8099, CVE-2014-8100,CVE-2014-8101, CVE-2014-8102)All xorg-x11-server users are advised to upgrade to these updated packages,which contain backported patches to correct these issues.
Before applying this update, make sure all previously released erratarelevant to your system have been applied.This update is available via the Red Hat Network. Details on how to use theRed Hat Network to apply this update are available athttps://access.redhat.com/articles/11258RHEL Desktop Workstation (v. 5 client)

SRPMS:
xorg-x11-server-1.1.1-48.107.el5_11.src.rpm
    MD5: 94a336517d02c8ee0733c017b0e2618dSHA-256: 9a5a2153ae0ecf4516e336b4a2666997268437dce9f5f818ba95d44a8349dad6
 
IA-32:
xorg-x11-server-debuginfo-1.1.1-48.107.el5_11.i386.rpm
    MD5: c93205eee9bbe9d872b65fb9c58fc3b9SHA-256: bf18b45f6785083d97eae929221eec68cf54424d6397efcbede2232c10f09987
xorg-x11-server-sdk-1.1.1-48.107.el5_11.i386.rpm
    MD5: 83987df9ea21c5ae92c75eec92178bc0SHA-256: cb4377ddf63ea7026c5568011fd60c28415dc4be03a652f8da4ac8e4e0d8fc8f
 
x86_64:
xorg-x11-server-debuginfo-1.1.1-48.107.el5_11.x86_64.rpm
    MD5: 87017853abcf5f91fb27831fd9b4efb2SHA-256: 93d6ca06426ae96ca14aab7853a3637db248f1eafe2a0f62195af390650f1ecc
xorg-x11-server-sdk-1.1.1-48.107.el5_11.x86_64.rpm
    MD5: 7ba9c584e471d0a8974e1da4eddbc10eSHA-256: 5537cd204c72b1d83143b251ae4fbce13649dad768394ea97ec16ae8f473672a
 
Red Hat Enterprise Linux (v. 5 server)

SRPMS:
xorg-x11-server-1.1.1-48.107.el5_11.src.rpm
    MD5: 94a336517d02c8ee0733c017b0e2618dSHA-256: 9a5a2153ae0ecf4516e336b4a2666997268437dce9f5f818ba95d44a8349dad6
 
IA-32:
xorg-x11-server-Xdmx-1.1.1-48.107.el5_11.i386.rpm
    MD5: 54db77f7799f341c8ee147f2bde0d17dSHA-256: f281dbe530c48a0668551e61f53c1656def833f4f85da1e9fea1b73e2333aef8
xorg-x11-server-Xephyr-1.1.1-48.107.el5_11.i386.rpm
    MD5: 76344337f43bef8093583dd3972173d6SHA-256: 58580a75f41a5f111afd44ba2e6ca16a4fd38886225f55e51cad51a9c704ff5d
xorg-x11-server-Xnest-1.1.1-48.107.el5_11.i386.rpm
    MD5: 172c29048aa7cf70718941e603ea09feSHA-256: d961824bc051cc990e12e67032096e269d6a64ce37c59b1939c2db7a5772f225
xorg-x11-server-Xorg-1.1.1-48.107.el5_11.i386.rpm
    MD5: 560d1306f24b69cb2a00c10bba1208a3SHA-256: e7890499df2f1a49603ea5baeff7a3d744ac5627cb9e8f87bcb1a5f9c3badb41
xorg-x11-server-Xvfb-1.1.1-48.107.el5_11.i386.rpm
    MD5: a4a9a771589400180575110a60e8f754SHA-256: 41cd10bad339101f80a42743084832498b8eef93f38dcb4cc18a5565a6e6eb0b
xorg-x11-server-Xvnc-source-1.1.1-48.107.el5_11.i386.rpm
    MD5: 3077376c7d0c4926ff4c4e415665190cSHA-256: 2726ea4af9ed2fd6e0861fb0a946f2bf914053637b020de1faefeb255cfd015c
xorg-x11-server-debuginfo-1.1.1-48.107.el5_11.i386.rpm
    MD5: c93205eee9bbe9d872b65fb9c58fc3b9SHA-256: bf18b45f6785083d97eae929221eec68cf54424d6397efcbede2232c10f09987
xorg-x11-server-sdk-1.1.1-48.107.el5_11.i386.rpm
    MD5: 83987df9ea21c5ae92c75eec92178bc0SHA-256: cb4377ddf63ea7026c5568011fd60c28415dc4be03a652f8da4ac8e4e0d8fc8f
 
IA-64:
xorg-x11-server-Xdmx-1.1.1-48.107.el5_11.ia64.rpm
    MD5: 5518c106848cc3ef55a54ceb64f1a678SHA-256: 3edda80b56139a32d91b0689e011b5941a5c8405959a1b3763a63afba6c7b9a9
xorg-x11-server-Xephyr-1.1.1-48.107.el5_11.ia64.rpm
    MD5: d994ab43a61d1869b6fbcb71b16a0a63SHA-256: ec3028cddcc3664e422916556b3b9ed987fd19818cdff98f2e08e7e62e273840
xorg-x11-server-Xnest-1.1.1-48.107.el5_11.ia64.rpm
    MD5: df51c23fb08e1796d2b7ede5613c1b21SHA-256: ba7a290ba2a4b92e2f4a047d4de7688df3927efbeaac6116ad4deb9b3077f323
xorg-x11-server-Xorg-1.1.1-48.107.el5_11.ia64.rpm
    MD5: 30f71d72729beaeef84646d6029a9c61SHA-256: 94962f1b712a6831187e4f687fa6251aea88d6ff08750effb04ea2f1b103dee8
xorg-x11-server-Xvfb-1.1.1-48.107.el5_11.ia64.rpm
    MD5: 77ec00d0e9121ab700d0c1d91f52a6f6SHA-256: 6cb77041a9551bb4d16ee2b90e1bb37a565527d67848f547ce08525b98797538
xorg-x11-server-Xvnc-source-1.1.1-48.107.el5_11.ia64.rpm
    MD5: 47cee114848cdc3202d1291b161514e1SHA-256: bdd44df4b764db2128ab211deae97c7c574ac29968c5a396e7fc4dd4be5b4af1
xorg-x11-server-debuginfo-1.1.1-48.107.el5_11.ia64.rpm
    MD5: 02fd3c994b4ea8fb90e7af541b78a977SHA-256: e7d5897824dd61660015c8c238fa28ef219495ae5ccb6e8e5cdb9bcebc625692
xorg-x11-server-sdk-1.1.1-48.107.el5_11.ia64.rpm
    MD5: 8dadfbb31f1842866ed563fde7f41362SHA-256: cf132aec14242187cb87863559e0ac023c7b95561f1841441d1ace85e5df158d
 
PPC:
xorg-x11-server-Xdmx-1.1.1-48.107.el5_11.ppc.rpm
    MD5: fdeb0df3592cd1dbc45aa55b691aa9b4SHA-256: 0f248942e8ebf318678f2e8c11c71263b566c40f7f494010d9b739982e73fb02
xorg-x11-server-Xephyr-1.1.1-48.107.el5_11.ppc.rpm
    MD5: 2d9bab7b699305bc70eb60d1ef8c997eSHA-256: 21b6496d6977ad8366de4a525ac63f18c18774fecbaf1c5e7e0b3b2705987068
xorg-x11-server-Xnest-1.1.1-48.107.el5_11.ppc.rpm
    MD5: e7f29874612b3518f6326e528318b002SHA-256: 80d079fe170a9a5e303d303db97f6cf056e45a36986ab7ede425662d6b11474e
xorg-x11-server-Xorg-1.1.1-48.107.el5_11.ppc.rpm
    MD5: 05b691df43e108185ef121d9934ceabbSHA-256: 2687fdf7c3abd15f04521e3ec321652bead6f63ff1a8a08da12eee5b149e4bb8
xorg-x11-server-Xvfb-1.1.1-48.107.el5_11.ppc.rpm
    MD5: 1f1e2b0498a24f071240e563e78c1061SHA-256: f9166570ed801444c32dcfc579ff5d72d9af2ea0b99c72f4dbc66d56212231ca
xorg-x11-server-Xvnc-source-1.1.1-48.107.el5_11.ppc.rpm
    MD5: de0f70ebdc919c1e9afc15d6f3b15125SHA-256: f0343af4b6a43ee15c8a6a1ef500c0aba3dacffbbf1f74046a051b90e6963b23
xorg-x11-server-debuginfo-1.1.1-48.107.el5_11.ppc.rpm
    MD5: 3b52354c95a0588ccf9900f178ec5968SHA-256: c76a499032fb7bcd3e4918574a09fcbc8c1a451232ed5dac0d7706ad6eecdf61
xorg-x11-server-sdk-1.1.1-48.107.el5_11.ppc.rpm
    MD5: a210dcff213ee258c4ef6636861c48f9SHA-256: c021a3d61db1ff2a2f8c8d3000e1ce038c4a2817d67bc8c80cc3b56d931f63b9
 
s390x:
xorg-x11-server-Xephyr-1.1.1-48.107.el5_11.s390x.rpm
    MD5: 68e9a25fa78d50636d433d5eb07fd2fcSHA-256: d973a4959ebf51787ba0cf03faf6718b8825092420b3a9dcfe50931217ab128d
xorg-x11-server-Xnest-1.1.1-48.107.el5_11.s390x.rpm
    MD5: e3aaa4e68b415b59105348b4a8672850SHA-256: f5b00a68efb093619f3cc157ebb21c032aa946cf274d380aa352a4f288ef2a2f
xorg-x11-server-Xvfb-1.1.1-48.107.el5_11.s390x.rpm
    MD5: 88ac71d4ad13d43e6bc740d11ceb807eSHA-256: 76bf65d3a368574172ae1efb33e3631ae20ab7e6eea8650b2e9e1234e05feafa
xorg-x11-server-Xvnc-source-1.1.1-48.107.el5_11.s390x.rpm
    MD5: d7a587ee212725e63f943fcb7532980dSHA-256: 823775746c13c694e1296063165cf90c0ee7130636f10c366251f412f38e0932
xorg-x11-server-debuginfo-1.1.1-48.107.el5_11.s390x.rpm
    MD5: 2cf1b0414e022a45d1da00497c1385bdSHA-256: 774d81843442fd46c0c1d5139e623582e4784d3bfc0fc8d16cd65ec2b5194107
 
x86_64:
xorg-x11-server-Xdmx-1.1.1-48.107.el5_11.x86_64.rpm
    MD5: 9351d3c6e79c76ea2dc31647ecb8c7bcSHA-256: ea5a3d38affca4a86832c075a9f3ea95a181b60256d27c3e36bc90cac5c17d0f
xorg-x11-server-Xephyr-1.1.1-48.107.el5_11.x86_64.rpm
    MD5: af593401a57959931055bf02e15a6c6dSHA-256: f29462c9f69f0fc2a0d617fe0a705249f8c426ac13a44b167e6a9fc248768962
xorg-x11-server-Xnest-1.1.1-48.107.el5_11.x86_64.rpm
    MD5: 79b1fe8d3058dacd30701aa98c7db95aSHA-256: 9b89bb549f0a75c90883a50f28cceed80dfc7e7be3e50b09d923a941453a2077
xorg-x11-server-Xorg-1.1.1-48.107.el5_11.x86_64.rpm
    MD5: 435b117065bdf8eb5586fe3719d3fa88SHA-256: a0b40a881dca90096482b428d12eca2d956ef20675cd9591a46f0658f22d5db3
xorg-x11-server-Xvfb-1.1.1-48.107.el5_11.x86_64.rpm
    MD5: 64305d5e218d4eabed3b15faf7160f16SHA-256: dc02d9416371de153410d2b507a1ea043b7b2965344c2145434b00b7f165d16d
xorg-x11-server-Xvnc-source-1.1.1-48.107.el5_11.x86_64.rpm
    MD5: a6ea5854219ad0e1c933df4df71f2892SHA-256: fe20c3ee8ee60d1f9c5ae2da42dbbcb77995a4f7c92e794e6856e5e2dbab763f
xorg-x11-server-debuginfo-1.1.1-48.107.el5_11.x86_64.rpm
    MD5: 87017853abcf5f91fb27831fd9b4efb2SHA-256: 93d6ca06426ae96ca14aab7853a3637db248f1eafe2a0f62195af390650f1ecc
xorg-x11-server-sdk-1.1.1-48.107.el5_11.x86_64.rpm
    MD5: 7ba9c584e471d0a8974e1da4eddbc10eSHA-256: 5537cd204c72b1d83143b251ae4fbce13649dad768394ea97ec16ae8f473672a
 
Red Hat Enterprise Linux Desktop (v. 5 client)

SRPMS:
xorg-x11-server-1.1.1-48.107.el5_11.src.rpm
    MD5: 94a336517d02c8ee0733c017b0e2618dSHA-256: 9a5a2153ae0ecf4516e336b4a2666997268437dce9f5f818ba95d44a8349dad6
 
IA-32:
xorg-x11-server-Xdmx-1.1.1-48.107.el5_11.i386.rpm
    MD5: 54db77f7799f341c8ee147f2bde0d17dSHA-256: f281dbe530c48a0668551e61f53c1656def833f4f85da1e9fea1b73e2333aef8
xorg-x11-server-Xephyr-1.1.1-48.107.el5_11.i386.rpm
    MD5: 76344337f43bef8093583dd3972173d6SHA-256: 58580a75f41a5f111afd44ba2e6ca16a4fd38886225f55e51cad51a9c704ff5d
xorg-x11-server-Xnest-1.1.1-48.107.el5_11.i386.rpm
    MD5: 172c29048aa7cf70718941e603ea09feSHA-256: d961824bc051cc990e12e67032096e269d6a64ce37c59b1939c2db7a5772f225
xorg-x11-server-Xorg-1.1.1-48.107.el5_11.i386.rpm
    MD5: 560d1306f24b69cb2a00c10bba1208a3SHA-256: e7890499df2f1a49603ea5baeff7a3d744ac5627cb9e8f87bcb1a5f9c3badb41
xorg-x11-server-Xvfb-1.1.1-48.107.el5_11.i386.rpm
    MD5: a4a9a771589400180575110a60e8f754SHA-256: 41cd10bad339101f80a42743084832498b8eef93f38dcb4cc18a5565a6e6eb0b
xorg-x11-server-Xvnc-source-1.1.1-48.107.el5_11.i386.rpm
    MD5: 3077376c7d0c4926ff4c4e415665190cSHA-256: 2726ea4af9ed2fd6e0861fb0a946f2bf914053637b020de1faefeb255cfd015c
xorg-x11-server-debuginfo-1.1.1-48.107.el5_11.i386.rpm
    MD5: c93205eee9bbe9d872b65fb9c58fc3b9SHA-256: bf18b45f6785083d97eae929221eec68cf54424d6397efcbede2232c10f09987
 
x86_64:
xorg-x11-server-Xdmx-1.1.1-48.107.el5_11.x86_64.rpm
    MD5: 9351d3c6e79c76ea2dc31647ecb8c7bcSHA-256: ea5a3d38affca4a86832c075a9f3ea95a181b60256d27c3e36bc90cac5c17d0f
xorg-x11-server-Xephyr-1.1.1-48.107.el5_11.x86_64.rpm
    MD5: af593401a57959931055bf02e15a6c6dSHA-256: f29462c9f69f0fc2a0d617fe0a705249f8c426ac13a44b167e6a9fc248768962
xorg-x11-server-Xnest-1.1.1-48.107.el5_11.x86_64.rpm
    MD5: 79b1fe8d3058dacd30701aa98c7db95aSHA-256: 9b89bb549f0a75c90883a50f28cceed80dfc7e7be3e50b09d923a941453a2077
xorg-x11-server-Xorg-1.1.1-48.107.el5_11.x86_64.rpm
    MD5: 435b117065bdf8eb5586fe3719d3fa88SHA-256: a0b40a881dca90096482b428d12eca2d956ef20675cd9591a46f0658f22d5db3
xorg-x11-server-Xvfb-1.1.1-48.107.el5_11.x86_64.rpm
    MD5: 64305d5e218d4eabed3b15faf7160f16SHA-256: dc02d9416371de153410d2b507a1ea043b7b2965344c2145434b00b7f165d16d
xorg-x11-server-Xvnc-source-1.1.1-48.107.el5_11.x86_64.rpm
    MD5: a6ea5854219ad0e1c933df4df71f2892SHA-256: fe20c3ee8ee60d1f9c5ae2da42dbbcb77995a4f7c92e794e6856e5e2dbab763f
xorg-x11-server-debuginfo-1.1.1-48.107.el5_11.x86_64.rpm
    MD5: 87017853abcf5f91fb27831fd9b4efb2SHA-256: 93d6ca06426ae96ca14aab7853a3637db248f1eafe2a0f62195af390650f1ecc
 
(The unlinked packages above are only available from the Red Hat Network)
1168680 – CVE-2014-8091 xorg-x11-server: denial of service due to unchecked malloc in client authentication1168684 – CVE-2014-8092 xorg-x11-server: integer overflow in X11 core protocol requests when calculating memory needs for requests1168688 – CVE-2014-8093 xorg-x11-server: integer overflow in GLX extension requests when calculating memory needs for requests1168694 – CVE-2014-8095 xorg-x11-server: out of bounds access due to not validating length or offset values in XInput extension1168700 – CVE-2014-8096 xorg-x11-server: out of bounds access due to not validating length or offset values in XC-MISC extension1168705 – CVE-2014-8097 xorg-x11-server: out of bounds access due to not validating length or offset values in DBE extension1168707 – CVE-2014-8098 xorg-x11-server: out of bounds access due to not validating length or offset values in GLX extension1168710 – CVE-2014-8099 xorg-x11-server: out of bounds access due to not validating length or offset values in XVideo extension1168711 – CVE-2014-8100 xorg-x11-server: out of bounds access due to not validating length or offset values in Render extension1168713 – CVE-2014-8101 xorg-x11-server: out of bounds access due to not validating length or offset values in RandR extension1168714 – CVE-2014-8102 xorg-x11-server: out of bounds access due to not validating length or offset values in XFixes extension

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from:

Leave a Reply