Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 539692 (CVE-2015-0255)

Summary: <x11-base/xorg-server-{1.12.4-r4,1.15.2-r2}: Information leak in the XkbSetGeometry request of X servers (CVE-2015-0255)
Product: Gentoo Security Reporter: Chandler Paul <thatslyude>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal CC: x11
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://lists.x.org/archives/xorg/2015-February/057158.html
Whiteboard: A3 [glsa]
Package list:
Runtime testing required: ---
Bug Depends on: 530652    
Bug Blocks:    

Description Chandler Paul 2015-02-10 23:19:40 UTC
An issue with how X handles the XkbSetGeometry request has been found by our friends at Red Hat, this issue can apparently result in the leaking of information from the X server. More information, and patches, can be found here.

http://lists.x.org/archives/xorg/2015-February/057158.html

I haven't tried to apply the patch to Gentoo's latest X server release yet, so I'll try that in just a little bit and let you guys know if it works as-is.
Comment 1 Chandler Paul 2015-02-10 23:27:30 UTC
The two patches mentioned in the e-mail apply perfectly against the latest stable xorg-server ebuild in portage. Running now and there don't seem to be any issues.
Comment 2 Jeroen Roovers (RETIRED) gentoo-dev 2015-02-11 09:38:28 UTC
*** Bug 539740 has been marked as a duplicate of this bug. ***
Comment 3 Chí-Thanh Christopher Nguyễn gentoo-dev 2015-02-11 10:23:02 UTC
xorg-server-1.12.4-r4.ebuild and xorg-server-1.15.2-r2.ebuild have been committed to fix this issue. Stabilization of these will be requested in bug 530652.
Comment 4 GLSAMaker/CVETool Bot gentoo-dev 2015-02-14 12:43:30 UTC
CVE-2015-0255 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0255):
  X.Org Server (aka xserver and xorg-server) before 1.16.3 and 1.17.x before
  1.17.1 allows remote attackers to obtain sensitive information from process
  memory or cause a denial of service (crash) via a crafted string length
  value in a XkbSetGeometry request.
Comment 5 Chí-Thanh Christopher Nguyễn gentoo-dev 2015-03-17 18:36:55 UTC
Vulnerable versions have been removed from the tree.
Comment 6 Sergey Popov (RETIRED) gentoo-dev 2015-04-17 12:48:30 UTC
Added to existing GLSA request
Comment 7 GLSAMaker/CVETool Bot gentoo-dev 2015-04-17 12:55:31 UTC
This issue was resolved and addressed in
 GLSA 201504-06 at https://security.gentoo.org/glsa/201504-06
by GLSA coordinator Sergey Popov (pinkbyte).