Bug 1146596 (CVE-2014-8092) - VUL-0: CVE-2014-8092: xorg-x11-server: integer overflow in X11 core protocol requests when calculating memory needs for requests
Summary: VUL-0: CVE-2014-8092: xorg-x11-server: integer overflow in X11 core protocol ...
Status: RESOLVED FIXED
Alias: CVE-2014-8092
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P5 - None : Major
Target Milestone: ---
Assignee: E-mail List
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/240296/
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2019-08-21 09:59 UTC by Wolfgang Frisch
Modified: 2019-08-21 10:00 UTC (History)
1 user (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Wolfgang Frisch 2019-08-21 09:59:15 UTC 
CVE-2014-8092

ProcPutImage(), GetHosts(), RegionSizeof(), REQUEST_FIXED_SIZE() calls do not check that their calculations for how much memory
is needed to handle the client's request have not overflowed, so can
result in out of bounds reads or writes.  These calls all occur only
after a client has successfully authenticated itself.

Introduced in X11R1 (1987).

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1168684
https://bugzilla.redhat.com/show_bug.cgi?id=1216020
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8092
https://rhn.redhat.com/errata/RHSA-2014-1982.html
https://rhn.redhat.com/errata/RHSA-2014-1983.html
Comment 1 Wolfgang Frisch 2019-08-21 10:00:24 UTC 
Already fixed with a patch:
SUSE:SLE-11-SP1:Update
SUSE:SLE-11-SP3:Update

Already fixed in the source:
SUSE:SLE-12-SP1:Update
SUSE:SLE-12-SP2:Update
SUSE:SLE-12-SP4:Update
SUSE:SLE-15-SP1:Update
SUSE:SLE-15:Update