Package "xorg-server-source"
Name: xorg-server-source
Description: Xorg X server - source files
Latest version: 2:1.19.6-1ubuntu4.15
Release: bionic (18.04)
Level: security
Repository: universe
Head package: xorg-server
Homepage: https://www.x.org/
Changelog
xorg-server (2:1.19.6-1ubuntu4.15) bionic-security; urgency=medium

  * SECURITY UPDATE: Overlay Window Use-After-Free
    - debian/patches/CVE-2023-1393.patch: fix use-after-free of the COW in
      composite/compwindow.c.
    - CVE-2023-1393

 -- Marc Deslauriers <email address hidden>  Wed, 29 Mar 2023 08:54:41 -0400
xorg-server (2:1.19.6-1ubuntu4.14) bionic-security; urgency=medium

  * SECURITY UPDATE: DeepCopyPointerClasses use-after-free
    - debian/patches/CVE-2023-0494.patch: fix potential use-after-free in
      Xi/exevents.c.
    - CVE-2023-0494

 -- Marc Deslauriers <email address hidden>  Tue, 07 Feb 2023 07:49:04 -0500
CVE-2023-0494: Xi: fix potential use-after-free in DeepCopyPointerClasses
xorg-server (2:1.19.6-1ubuntu4.13) bionic-security; urgency=medium

  * SECURITY UPDATE: XTestSwapFakeInput stack overflow
    - debian/patches/CVE-2022-46340.patch: disallow GenericEvents in
      XTestSwapFakeInput in Xext/xtest.c.
    - CVE-2022-46340
  * SECURITY UPDATE: XIPassiveUngrabDevice out-of-bounds access
    - debian/patches/CVE-2022-46341.patch: disallow passive grabs with a
      detail > 255 in Xi/xipassivegrab.c.
    - CVE-2022-46341
  * SECURITY UPDATE: XvdiSelectVideoNotify use-after-free
    - debian/patches/CVE-2022-46342.patch: free the XvRTVideoNotify when
      turning off from the same client in Xext/xvmain.c.
    - CVE-2022-46342
  * SECURITY UPDATE: ScreenSaverSetAttributes use-after-free
    - debian/patches/CVE-2022-46343.patch: free the screen saver resource
      when replacing it in Xext/saver.c.
    - CVE-2022-46343
  * SECURITY UPDATE: XIChangeProperty out-of-bounds access
    - debian/patches/CVE-2022-46344-1.patch: return an error from XI
      property changes if verification failed in Xi/xiproperty.c.
    - debian/patches/CVE-2022-46344-2.patch: avoid integer truncation in
      length check of ProcXIChangeProperty in Xi/xiproperty.c.
    - CVE-2022-46344
  * SECURITY UPDATE: XkbGetKbdByName use-after-free
    - debian/patches/CVE-2022-4283.patch: reset the radio_groups pointer to
      NULL after freeing it in xkb/xkbUtils.c.
    - CVE-2022-4283

 -- Marc Deslauriers <email address hidden>  Wed, 07 Dec 2022 09:08:39 -0500
CVE-2022-46340: Xtest: disallow GenericEvents in XTestSwapFakeInput
CVE-2022-46341: Xi: disallow passive grabs with a detail > 255
CVE-2022-46342: Xext: free the XvRTVideoNotify when turning off from the same client
CVE-2022-46343: Xext: free the screen saver resource when replacing it
CVE-2022-46344: Xi: avoid integer truncation in length check of ProcXIChangeProperty
CVE-2022-4283: xkb: reset the radio_groups pointer to NULL after freeing it
xorg-server (2:1.19.6-1ubuntu4.12) bionic-security; urgency=medium

  * SECURITY UPDATE: GetCountedString Buffer Overflow
    - debian/patches/CVE-2022-3550.patch: add a check for client->req_len
      size for _GetCountedString in xkb/xkb.c.
    - CVE-2022-3550
  * SECURITY UPDATE: ProcXkbGetKbdByName Memory Leak
    - debian/patches/CVE-2022-3551.patch: add calls to free allocated
      memory if the execution reaches failures in ProcXkbGetKbdByName
      in xkb/xkb.c.
    - CVE-2022-3551

 -- Rodrigo Figueiredo Zaiden <email address hidden>  Tue, 22 Nov 2022 11:21:35 -0300
CVE-2022-3550: A vulnerability classified as critical was found in X.org Server. Affected by this vulnerability is the function _GetCountedString of the file xkb/xk
CVE-2022-3551: A vulnerability, which was classified as problematic, has been found in X.org Server. Affected by this issue is the function ProcXkbGetKbdByName of t
xorg-server (2:1.19.6-1ubuntu4.11) bionic-security; urgency=medium

  * SECURITY UPDATE: ProcXkbSetGeometry Out-Of-Bounds Access
    - debian/patches/CVE-2022-2319-pre1.patch: switch to array index loops
      to moving pointers in xkb/xkb.c.
    - debian/patches/CVE-2022-2319.patch: add request length validation for
      XkbSetGeometry in xkb/xkb.c.
    - CVE-2022-2319
  * SECURITY UPDATE: ProcXkbSetDeviceInfo Out-Of-Bounds Access
    - debian/patches/CVE-2022-2320.patch: swap XkbSetDeviceInfo and
      XkbSetDeviceInfoCheck in xkb/xkb.c.
    - CVE-2022-2320

 -- Marc Deslauriers <email address hidden>  Wed, 06 Jul 2022 09:54:09 -0400
CVE-2022-2319: ZDI-CAN-16062: X.Org Server ProcXkbSetGeometry Out-Of-Bounds Access
CVE-2022-2320: ZDI-CAN-16070: X.Org Server ProcXkbSetDeviceInfo Out-Of-Bounds Access