Updated x11-server packages fix security vulnerabilities:
Ilja van Sprundel of IOActive discovered several security issues in the
X.org X server, which may lead to privilege escalation or denial of
service (CVE-2014-8091, CVE-2014-8092, CVE-2014-8093, CVE-2014-8094,
CVE-2014-8095, CVE-2014-8096, CVE-2014-8097, CVE-2014-8098,
CVE-2014-8099, CVE-2014-8100, CVE-2014-8101, CVE-2014-8102).
Olivier Fourdan from Red Hat has discovered a protocol handling
issue in the way the X server code base handles the XkbSetGeometry
request, where the server trusts the client to send valid string
lengths. A malicious client with string lengths exceeding the
request length can cause the server to copy adjacent memory data
into the XKB structs. This data is then available to the client via
the XkbGetGeometry request. This can lead to information disclosure
issues, as well as possibly a denial of service if a similar request
can cause the server to crash (CVE-2015-0255).