Jump to:

CVE-2015-3164

Jump to:

CVE-2015-3164

Package xorg-server updated to version 1.18.0-alt1 for branch sisyphus in task 153823.

Published: 2015-07-01
Modified: 2024-11-21

CVE-2015-3164

The authentication setup in XWayland 1.16.x and 1.17.x before 1.17.2 starts the server in non-authenticating mode, which allows local users to read from or send information to arbitrary X11 clients via vectors involving a UNIX socket.

Severity: LOW (3.6)

References:

[wayland-devel] 20150610 X.Org/Wayland Security Advisory: Missing authentication in XWayland
[wayland-devel] 20150610 X.Org/Wayland Security Advisory: Missing authentication in XWayland
openSUSE-SU-2015:1095
openSUSE-SU-2015:1095
75535
75535
GLSA-201701-64
GLSA-201701-64

Version: 2.1.0

Package xorg-server update in sisyphus on 2015-11-27

ALT-PU-2015-2031-1

Closed vulnerabilities

CVE-2015-3164