UbuntuUpdates.org

Package "xserver-xorg-dev"

Name: xserver-xorg-dev

Description:

Xorg X server - development files

Latest version: 2:21.1.3-2ubuntu2.3
Release: jammy (22.04)
Level: security
Repository: main
Head package: xorg-server
Homepage: https://www.x.org/

Other versions of "xserver-xorg-dev" in Jammy

Repository  Area  Version
base        main  2:21.1.3-2ubuntu2
updates     main  2:21.1.3-2ubuntu2.4

Changelog

Version: 2:21.1.3-2ubuntu2.3 2022-11-24 15:06:30 UTC

  xorg-server (2:21.1.3-2ubuntu2.3) jammy-security; urgency=medium

  * SECURITY UPDATE: GetCountedString Buffer Overflow
    - debian/patches/CVE-2022-3550.patch: add a check for client->req_len
      size for _GetCountedString in xkb/xkb.c.
    - CVE-2022-3550
  * SECURITY UPDATE: ProcXkbGetKbdByName Memory Leak
    - debian/patches/CVE-2022-3551.patch: add calls to free allocated
      memory if the execution reaches failures in ProcXkbGetKbdByName
      in xkb/xkb.c.
    - CVE-2022-3551

 -- Rodrigo Figueiredo Zaiden <email address hidden> Tue, 22 Nov 2022 16:22:28 -0300

CVE-2022-3550 A vulnerability classified as critical was found in X.org Server. Affected by this vulnerability is the function _GetCountedString of the file xkb/xk
CVE-2022-3551 A vulnerability, which was classified as problematic, has been found in X.org Server. Affected by this issue is the function ProcXkbGetKbdByName of t

Version: 2:21.1.3-2ubuntu2.1 2022-07-12 16:06:28 UTC

  xorg-server (2:21.1.3-2ubuntu2.1) jammy-security; urgency=medium

  * SECURITY UPDATE: ProcXkbSetGeometry Out-Of-Bounds Access
    - debian/patches/CVE-2022-2319-pre1.patch: switch to array index loops
      to moving pointers in xkb/xkb.c.
    - debian/patches/CVE-2022-2319.patch: add request length validation for
      XkbSetGeometry in xkb/xkb.c.
    - CVE-2022-2319
  * SECURITY UPDATE: ProcXkbSetDeviceInfo Out-Of-Bounds Access
    - debian/patches/CVE-2022-2320.patch: swap XkbSetDeviceInfo and
      XkbSetDeviceInfoCheck in xkb/xkb.c.
    - CVE-2022-2320

 -- Marc Deslauriers <email address hidden> Wed, 06 Jul 2022 09:45:33 -0400

CVE-2022-2319 ZDI-CAN-16062: X.Org Server ProcXkbSetGeometry Out-Of-Bounds Access
CVE-2022-2320 ZDI-CAN-16070: X.Org Server ProcXkbSetDeviceInfo Out-Of-Bounds Access


