Package "xorg-server"
Name: xorg-server
Description: This package is just an umbrella for a group of other packages, it has no description. Description samples from packages in group:
- common files used by various X servers
- nested X server
- Xorg X server - core server
- Xorg X server - development files
Latest version: 2:1.20.13-1ubuntu1~20.04.18
Release: focal (20.04)
Level: security
Repository: main
Changelog
xorg-server (2:1.20.13-1ubuntu1~20.04.12) focal-security; urgency=medium
  * SECURITY UPDATE: Out-of-bounds memory write in XKB button actions
    - debian/patches/CVE-2023-6377.patch: allocate enough XkbActions for
      our buttons in Xi/exevents.c, dix/devices.c.
    - CVE-2023-6377
  * SECURITY UPDATE: Out-of-bounds memory read in RRChangeOutputProperty
    and RRChangeProviderProperty
    - debian/patches/CVE-2023-6478.patch: avoid integer truncation in
      length check of ProcRRChange*Property in randr/rrproperty.c,
      randr/rrproviderproperty.c.
    - CVE-2023-6478
 -- Marc Deslauriers <email address hidden> Tue, 12 Dec 2023 20:29:21 -0500
CVE-2023-6377: A flaw was found in xorg-server. Querying or changing XKB button actions such as moving from a touchpad to a mouse can result in out-of-bounds memory
CVE-2023-6478: A flaw was found in xorg-server. A specially crafted request to RRChangeProviderProperty or RRChangeOutputProperty can trigger an integer overflow wh

xorg-server (2:1.20.13-1ubuntu1~20.04.9) focal-security; urgency=medium
  * SECURITY UPDATE: OOB write in XIChangeDeviceProperty and
    RRChangeOutputProperty
    - debian/patches/CVE-2023-5367.patch: fix handling of PropModeAppend
      and PropModePrepend in Xi/xiproperty.c, randr/rrproperty.c.
    - CVE-2023-5367
  * SECURITY UPDATE: Use-after-free bug in DestroyWindow
    - debian/patches/CVE-2023-5380.patch: reset the PointerWindows
      reference on screen switch in dix/enterleave.h, include/eventstr.h,
      mi/mipointer.c.
    - CVE-2023-5380
 -- Marc Deslauriers <email address hidden> Mon, 23 Oct 2023 12:31:55 -0400
CVE-2023-5367: X.Org server: OOB write in XIChangeDeviceProperty/RRChangeOutputProperty
CVE-2023-5380: Use-after-free bug in DestroyWindow

xorg-server (2:1.20.13-1ubuntu1~20.04.8) focal-security; urgency=medium
  * SECURITY UPDATE: Overlay Window Use-After-Free
    - debian/patches/CVE-2023-1393.patch: fix use-after-free of the COW in
      composite/compwindow.c.
    - CVE-2023-1393
 -- Marc Deslauriers <email address hidden> Wed, 29 Mar 2023 08:53:02 -0400

xorg-server (2:1.20.13-1ubuntu1~20.04.6) focal-security; urgency=medium
  * SECURITY UPDATE: DeepCopyPointerClasses use-after-free
    - debian/patches/CVE-2023-0494.patch: fix potential use-after-free in
      Xi/exevents.c.
    - CVE-2023-0494
 -- Marc Deslauriers <email address hidden> Tue, 07 Feb 2023 07:48:13 -0500
CVE-2023-0494: Xi: fix potential use-after-free in DeepCopyPointerClasses

xorg-server (2:1.20.13-1ubuntu1~20.04.5) focal-security; urgency=medium
  * SECURITY UPDATE: XTestSwapFakeInput stack overflow
    - debian/patches/CVE-2022-46340.patch: disallow GenericEvents in
      XTestSwapFakeInput in Xext/xtest.c.
    - CVE-2022-46340
  * SECURITY UPDATE: XIPassiveUngrabDevice out-of-bounds access
    - debian/patches/CVE-2022-46341.patch: disallow passive grabs with a
      detail > 255 in Xi/xipassivegrab.c.
    - CVE-2022-46341
  * SECURITY UPDATE: XvdiSelectVideoNotify use-after-free
    - debian/patches/CVE-2022-46342.patch: free the XvRTVideoNotify when
      turning off from the same client in Xext/xvmain.c.
    - CVE-2022-46342
  * SECURITY UPDATE: ScreenSaverSetAttributes use-after-free
    - debian/patches/CVE-2022-46343.patch: free the screen saver resource
      when replacing it in Xext/saver.c.
    - CVE-2022-46343
  * SECURITY UPDATE: XIChangeProperty out-of-bounds access
    - debian/patches/CVE-2022-46344-1.patch: return an error from XI
      property changes if verification failed in Xi/xiproperty.c.
    - debian/patches/CVE-2022-46344-2.patch: avoid integer truncation in
      length check of ProcXIChangeProperty in Xi/xiproperty.c.
    - CVE-2022-46344
  * SECURITY UPDATE: XkbGetKbdByName use-after-free
    - debian/patches/CVE-2022-4283.patch: reset the radio_groups pointer to
      NULL after freeing it in xkb/xkbUtils.c.
    - CVE-2022-4283
 -- Marc Deslauriers <email address hidden> Wed, 07 Dec 2022 08:02:34 -0500
CVE-2022-46340: Xtest: disallow GenericEvents in XTestSwapFakeInput
CVE-2022-46341: Xi: disallow passive grabs with a detail > 255
CVE-2022-46342: Xext: free the XvRTVideoNotify when turning off from the same client
CVE-2022-46343: Xext: free the screen saver resource when replacing it
CVE-2022-46344: Xi: avoid integer truncation in length check of ProcXIChangeProperty
CVE-2022-4283: xkb: reset the radio_groups pointer to NULL after freeing it