{"id":"MGASA-2015-0073","summary":"Updated x11-server packages fix CVE-2015-0255","details":"Updated x11-server packages fix security vulnerability:\n\nOlivier Fourdan from Red Hat has discovered a protocol handling issue in\nthe way the X server code base handles the XkbSetGeometry request, where\nthe server trusts the client to send valid string lengths. A malicious\nclient with string lengths exceeding the request length can cause the server\nto copy adjacent memory data into the XKB structs. This data is then\navailable to the client via the XkbGetGeometry request. This can lead to\ninformation disclosure issues, as well as possibly a denial of service if a\nsimilar request can cause the server to crash (CVE-2015-0255).\n","modified":"2026-04-16T01:46:00.008890152Z","published":"2015-02-17T18:38:13Z","upstream":["CVE-2015-0255"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2015-0073.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=15265"},{"type":"WEB","url":"http://www.x.org/wiki/Development/Security/Advisory-2015-02-10/"}],"affected":[{"package":{"name":"x11-server","ecosystem":"Mageia:4","purl":"pkg:rpm/mageia/x11-server?arch=source&distro=mageia-4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.14.5-2.3.mga4"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2015-0073.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}