Package "xvfb"
Name: |
xvfb
|
Description: |
Virtual Framebuffer 'fake' X server
|
Latest version: |
2:1.18.4-0ubuntu0.12 |
Release: |
xenial (16.04) |
Level: |
security |
Repository: |
universe |
Head package: |
xorg-server |
Homepage: |
http://www.x.org/ |
Links
Download "xvfb"
Other versions of "xvfb" in Xenial
Changelog
xorg-server (2:1.18.4-0ubuntu0.12) xenial-security; urgency=medium
* SECURITY UPDATE: XChangeFeedbackControl Integer Underflow
- debian/patches/CVE-2021-3472.patch: add check to Xi/chgfctl.c.
- CVE-2021-3472
-- Marc Deslauriers <email address hidden> Thu, 08 Apr 2021 08:31:36 -0400
|
Source diff to previous version |
|
xorg-server (2:1.18.4-0ubuntu0.11) xenial-security; urgency=medium
* SECURITY UPDATE: out of bounds memory accesses on too short request
- debian/patches/CVE-2020-14360.patch: check SetMap request length
carefully in xkb/xkb.c.
- CVE-2020-14360
* SECURITY UPDATE: multiple heap overflows
- debian/patches/CVE-2020-25712.patch: add bounds checks in xkb/xkb.c.
- CVE-2020-25712
-- Marc Deslauriers <email address hidden> Mon, 30 Nov 2020 12:58:19 -0500
|
Source diff to previous version |
|
xorg-server (2:1.18.4-0ubuntu0.10) xenial-security; urgency=medium
* SECURITY UPDATE: Out-Of-Bounds access in XkbSetNames function
- debian/patches/CVE-2020-14345.patch: correct bounds checking in
xkb/xkb.c.
- CVE-2020-14345
-- Marc Deslauriers <email address hidden> Fri, 04 Sep 2020 09:35:30 -0400
|
Source diff to previous version |
xorg-server (2:1.18.4-0ubuntu0.9) xenial-security; urgency=medium
* SECURITY UPDATE: Integer underflow in the X input extension protocol
- debian/patches/CVE-2020-14346.patch: properly calculate length in
Xi/xichangehierarchy.c.
- CVE-2020-14346
* SECURITY UPDATE: server memory leak
- debian/patches/CVE-2020-14347.patch: initialize memory in
dix/pixmap.c.
- CVE-2020-14347
* SECURITY UPDATE: Integer Underflow Privilege Escalation
- debian/patches/CVE-2020-14361.patch: fix dataLeft calculation in
xkb/xkbSwap.c.
- CVE-2020-14361
* SECURITY UPDATE: Integer Underflow Privilege Escalation
- debian/patches/CVE-2020-14362.patch: properly calculate lengths in
record/record.c.
- CVE-2020-14362
-- Marc Deslauriers <email address hidden> Mon, 31 Aug 2020 10:20:00 -0400
|
Source diff to previous version |
CVE-2020-14347 |
A flaw was found in the way xserver memory was not properly initialized. This could leak parts of server memory to the X client. In cases where Xorg |
|
xorg-server (2:1.18.4-0ubuntu0.7) xenial-security; urgency=medium
* SECURITY UPDATE: unvalidated extra length in ProcEstablishConnection
- debian/patches/CVE-2017-12176.patch: add check to dix/dispatch.c.
- CVE-2017-12176
* SECURITY UPDATE: Unvalidated variable-length request in
ProcDbeGetVisualInfo
- debian/patches/CVE-2017-12177.patch: add check to dbe/dbe.c.
- CVE-2017-12177
* SECURITY UPDATE: wrong extra length check in ProcXIChangeHierarchy
- debian/patches/CVE-2017-12178.patch: fix length check in
Xi/xichangehierarchy.c.
- CVE-2017-12178
* SECURITY UPDATE: integer overflow and unvalidated length in
ProcXIBarrierReleasePointer
- debian/patches/CVE-2017-12179-1.patch: test exact size of
XIBarrierReleasePointer in Xi/xibarriers.c.
- debian/patches/CVE-2017-12179-2.patch: add checks to Xi/xibarriers.c.
- CVE-2017-12179
* SECURITY UPDATE: various unvalidated lengths
- debian/patches/CVE-2017-12180-12182.patch: add more checks to
Xext/vidmode.c, hw/xfree86/common/xf86DGA.c,
hw/xfree86/dri/xf86dri.c.
- CVE-2017-12180
- CVE-2017-12181
- CVE-2017-12182
* SECURITY UPDATE: more unvalidated lengths
- debian/patches/CVE-2017-12183.patch: add checks to xfixes/cursor.c,
xfixes/region.c, xfixes/saveset.c, xfixes/xfixes.c.
- CVE-2017-12183
* SECURITY UPDATE: even more unvalidated lengths
- debian/patches/CVE-2017-12184-12187.patch: add more checks to
Xext/panoramiX.c, Xext/saver.c, Xext/xres.c, Xext/xvdisp.c,
hw/dmx/dmxpict.c, pseudoramiX/pseudoramiX.c, render/render.c.
- CVE-2017-12184
- CVE-2017-12185
- CVE-2017-12186
- CVE-2017-12187
* debian/patches/os_big_requests.patch: make sure big requests have
sufficient length in os/io.c.
* debian/patches/xkb_escape_fix.patch: escape non-printable characters
correctly in xkb/xkbtext.c.
-- Marc Deslauriers <email address hidden> Fri, 13 Oct 2017 08:40:17 -0400
|
CVE-2017-1217 |
IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web |
CVE-2017-1218 |
IBM Tivoli Endpoint Manager is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions t |
|
About
-
Send Feedback to @ubuntu_updates