Package "xdmx-tools"
Name: |
xdmx-tools
|
Description: |
Distributed Multihead X tools
|
Latest version: |
2:1.20.13-1ubuntu1~20.04.17 |
Release: |
focal (20.04) |
Level: |
security |
Repository: |
universe |
Head package: |
xorg-server |
Homepage: |
https://www.x.org/ |
Links
Download "xdmx-tools"
Other versions of "xdmx-tools" in Focal
Changelog
xorg-server (2:1.20.13-1ubuntu1~20.04.9) focal-security; urgency=medium
* SECURITY UPDATE: OOB write in XIChangeDeviceProperty and
RRChangeOutputProperty
- debian/patches/CVE-2023-5367.patch: fix handling of PropModeAppend
and PropModePrepend in Xi/xiproperty.c, randr/rrproperty.c.
- CVE-2023-5367
* SECURITY UPDATE: Use-after-free bug in DestroyWindow
- debian/patches/CVE-2023-5380.patch: reset the PointerWindows
reference on screen switch in dix/enterleave.h, include/eventstr.h,
mi/mipointer.c.
- CVE-2023-5380
-- Marc Deslauriers <email address hidden> Mon, 23 Oct 2023 12:31:55 -0400
|
Source diff to previous version |
CVE-2023-5367 |
X.Org server: OOB write in XIChangeDeviceProperty/RRChangeOutputProperty |
CVE-2023-5380 |
Use-after-free bug in DestroyWindow |
|
xorg-server (2:1.20.13-1ubuntu1~20.04.8) focal-security; urgency=medium
* SECURITY UPDATE: Overlay Window Use-After-Free
- debian/patches/CVE-2023-1393.patch: fix use-after-free of the COW in
composite/compwindow.c.
- CVE-2023-1393
-- Marc Deslauriers <email address hidden> Wed, 29 Mar 2023 08:53:02 -0400
|
Source diff to previous version |
xorg-server (2:1.20.13-1ubuntu1~20.04.6) focal-security; urgency=medium
* SECURITY UPDATE: DeepCopyPointerClasses use-after-free
- debian/patches/CVE-2023-0494.patch: fix potential use-after-free in
Xi/exevents.c.
- CVE-2023-0494
-- Marc Deslauriers <email address hidden> Tue, 07 Feb 2023 07:48:13 -0500
|
Source diff to previous version |
CVE-2023-0494 |
Xi: fix potential use-after-free in DeepCopyPointerClasses |
|
xorg-server (2:1.20.13-1ubuntu1~20.04.5) focal-security; urgency=medium
* SECURITY UPDATE: XTestSwapFakeInput stack overflow
- debian/patches/CVE-2022-46340.patch: disallow GenericEvents in
XTestSwapFakeInput in Xext/xtest.c.
- CVE-2022-46340
* SECURITY UPDATE: XIPassiveUngrabDevice out-of-bounds access
- debian/patches/CVE-2022-46341.patch: disallow passive grabs with a
detail > 255 in Xi/xipassivegrab.c.
- CVE-2022-46341
* SECURITY UPDATE: XvdiSelectVideoNotify use-after-free
- debian/patches/CVE-2022-46342.patch: free the XvRTVideoNotify when
turning off from the same client in Xext/xvmain.c.
- CVE-2022-46342
* SECURITY UPDATE: ScreenSaverSetAttributes use-after-free
- debian/patches/CVE-2022-46343.patch: free the screen saver resource
when replacing it in Xext/saver.c.
- CVE-2022-46343
* SECURITY UPDATE: XIChangeProperty out-of-bounds access
- debian/patches/CVE-2022-46344-1.patch: return an error from XI
property changes if verification failed in Xi/xiproperty.c.
- debian/patches/CVE-2022-46344-2.patch: avoid integer truncation in
length check of ProcXIChangeProperty in Xi/xiproperty.c.
- CVE-2022-46344
* SECURITY UPDATE: XkbGetKbdByName use-after-free
- debian/patches/CVE-2022-4283.patch: reset the radio_groups pointer to
NULL after freeing it in xkb/xkbUtils.c.
- CVE-2022-4283
-- Marc Deslauriers <email address hidden> Wed, 07 Dec 2022 08:02:34 -0500
|
Source diff to previous version |
CVE-2022-46340 |
Xtest: disallow GenericEvents in XTestSwapFakeInput |
CVE-2022-46341 |
Xi: disallow passive grabs with a detail > 255 |
CVE-2022-46342 |
Xext: free the XvRTVideoNotify when turning off from the same client |
CVE-2022-46343 |
Xext: free the screen saver resource when replacing it |
CVE-2022-46344 |
Xi: avoid integer truncation in length check of ProcXIChangeProperty |
CVE-2022-4283 |
xkb: reset the radio_groups pointer to NULL after freeing it |
|
xorg-server (2:1.20.13-1ubuntu1~20.04.4) focal-security; urgency=medium
* SECURITY UPDATE: GetCountedString Buffer Overflow
- debian/patches/CVE-2022-3550.patch: add a check for client->req_len
size for _GetCountedString in xkb/xkb.c.
- CVE-2022-3550
* SECURITY UPDATE: ProcXkbGetKbdByName Memory Leak
- debian/patches/CVE-2022-3551.patch: add calls to free allocated
memory if the execution reaches failures in ProcXkbGetKbdByName
in xkb/xkb.c.
- CVE-2022-3551
-- Rodrigo Figueiredo Zaiden <email address hidden> Tue, 22 Nov 2022 11:24:11 -0300
|
CVE-2022-3550 |
A vulnerability classified as critical was found in X.org Server. Affected by this vulnerability is the function _GetCountedString of the file xkb/xk |
CVE-2022-3551 |
A vulnerability, which was classified as problematic, has been found in X.org Server. Affected by this issue is the function ProcXkbGetKbdByName of t |
|
About
-
Send Feedback to @ubuntu_updates