CVE-2014-8091
xorg-server - security update
EPSS 4.8%
Description
X.Org X Window System (aka X11 and X) X11R5 and X.Org Server (aka xserver and xorg-server) before 1.16.3, when using SUN-DES-1 (Secure RPC) authentication credentials, does not check the return value of a malloc call, which allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a crafted connection request.
How to fix CVE-2014-8091
To remediate CVE-2014-8091, upgrade the affected package to one of the fixed versions listed below.
- Debian/xorg-server—upgrade to 2:1.16.2.901-1 or later
- Debian/xorg-server—upgrade to 2:1.7.7-18+deb6u1 or later
- —upgrade to 2:1.12.4-6+deb7u5 or later
Is CVE-2014-8091 being exploited?
Low — EPSS is 4.8%, meaning exploitation activity has not been observed at scale.
Affected packages (3)
- from 0, < 2:1.16.2.901-1
- from 0, < 2:1.7.7-18+deb6u1
- from 0, < 2:1.12.4-6+deb7u5