Package "xserver-xorg-core"

| Name: | xserver-xorg-core |
| Description: | Xorg X server - core server |
| Latest version: | 2:21.1.4-2ubuntu1.7~22.04.15 |
| Release: | jammy (22.04) |
| Level: | updates |
| Repository: | main |
| Head package: | xorg-server |
| Homepage: | https://www.x.org/ |

Changelog

xorg-server (2:21.1.4-2ubuntu1.7~22.04.15) jammy-security; urgency=medium

  * SECURITY UPDATE: Out-of-bounds access in X Rendering extension
    - debian/patches/CVE-2025-49175.patch: avoid 0 or less animated cursors
      in render/animcur.c, render/render.c.
    - CVE-2025-49175
  * SECURITY UPDATE: Integer overflow in Big Requests Extension
    - debian/patches/CVE-2025-49176.patch: do not overflow the integer size
      with BigRequest in dix/dispatch.c, os/io.c.
    - CVE-2025-49176
  * SECURITY UPDATE: Data leak in XFIXES Extension 6
    - debian/patches/CVE-2025-49177.patch: check request length for
      SetClientDisconnectMode in xfixes/disconnect.c.
    - CVE-2025-49177
  * SECURITY UPDATE: Unprocessed client request via bytes to ignore
    - debian/patches/CVE-2025-49178.patch: account for bytes to ignore when
      sharing input buffer in os/io.c.
    - CVE-2025-49178
  * SECURITY UPDATE: Integer overflow in X Record extension
    - debian/patches/CVE-2025-49179.patch: check for overflow in
      RecordSanityCheckRegisterClients() in record/record.c.
    - CVE-2025-49179
  * SECURITY UPDATE: Integer overflow in RandR extension
    - debian/patches/CVE-2025-49180-1.patch: check for overflow in
      RRChangeProviderProperty() in randr/rrproviderproperty.c.
    - debian/patches/CVE-2025-49180-2.patch: check for RandR provider
      functions in hw/xfree86/modes/xf86RandR12.c.
    - CVE-2025-49180

 -- Marc Deslauriers <email address hidden>  Tue, 10 Jun 2025 14:21:45 -0400

| CVE-2025-49175 | A flaw was found in the X Rendering extension's handling of animated c ... |
| CVE-2025-49176 | A flaw was found in the Big Requests extension. The request length is  ... |
| CVE-2025-49177 | A flaw was found in the XFIXES extension. The XFixesSetClientDisconnec ... |
| CVE-2025-49178 | A flaw was found in the X server's request handling. Non-zero 'bytes t ... |
| CVE-2025-49179 | A flaw was found in the X Record extension. The RecordSanityCheckRegis ... |
| CVE-2025-49180 | A flaw was found in the RandR extension, where the RRChangeProviderPro ... |

xorg-server (2:21.1.4-2ubuntu1.7~22.04.14) jammy; urgency=medium

  * If a client application has not called DRI2ScreenInit(),
    DRI2Authenticate() and DRI2CreateDrawable2() cause the X server to
    crash. This patch adds some sanity checks to ensure the X server
    stays running. (LP: #1861609)
    - d/p/lp1861609-dri2-Protect-against-dri2ClientPrivate-assertio.patch

 -- Matthew Ruffell <email address hidden>  Tue, 04 Mar 2025 18:21:58 +1300

| 1861609 | Xorg crashes with assertion failure at dixGetPrivateAddr: Assertion `key->initialized' failed |

xorg-server (2:21.1.4-2ubuntu1.7~22.04.13) jammy-security; urgency=medium

  * SECURITY UPDATE: Use-after-free of the root cursor
    - debian/patches/CVE-2025-26594-1.patch: refuse to free the root cursor
      in dix/dispatch.c.
    - debian/patches/CVE-2025-26594-2.patch: keep a ref to the rootCursor
      in dix/main.c.
    - CVE-2025-26594
  * SECURITY UPDATE: Buffer overflow in XkbVModMaskText()
    - debian/patches/CVE-2025-26595.patch: fix bounds check in
      xkb/xkbtext.c.
    - CVE-2025-26595
  * SECURITY UPDATE: Heap overflow in XkbWriteKeySyms()
    - debian/patches/CVE-2025-26596.patch: fix computation of
      XkbSizeKeySyms in xkb/xkb.c.
    - CVE-2025-26596
  * SECURITY UPDATE: Buffer overflow in XkbChangeTypesOfKey()
    - debian/patches/CVE-2025-26597.patch: also resize key actions in
      xkb/XKBMisc.c.
    - CVE-2025-26597
  * SECURITY UPDATE: Out-of-bounds write in CreatePointerBarrierClient()
    - debian/patches/CVE-2025-26598.patch: fix barrier device search in
      Xi/xibarriers.c.
    - CVE-2025-26598
  * SECURITY UPDATE: Use of uninitialized pointer in compRedirectWindow()
    - debian/patches/CVE-2025-26599-1.patch: handle failure to redirect in
      composite/compalloc.c.
    - debian/patches/CVE-2025-26599-2.patch: initialize border clip even
      when pixmap alloc fails in composite/compalloc.c.
    - CVE-2025-26599
  * SECURITY UPDATE: Use-after-free in PlayReleasedEvents()
    - debian/patches/CVE-2025-26600.patch: dequeue pending events on frozen
      device on removal in dix/devices.c.
    - CVE-2025-26600
  * SECURITY UPDATE: Use-after-free in SyncInitTrigger()
    - debian/patches/CVE-2025-26601-1.patch: do not let sync objects
      uninitialized in Xext/sync.c.
    - debian/patches/CVE-2025-26601-2.patch: check values before applying
      changes in Xext/sync.c.
    - debian/patches/CVE-2025-26601-3.patch: do not fail
      SyncAddTriggerToSyncObject() in Xext/sync.c.
    - debian/patches/CVE-2025-26601-4.patch: apply changes last in
      SyncChangeAlarmAttributes() in Xext/sync.c.
    - CVE-2025-26601

 -- Marc Deslauriers <email address hidden>  Wed, 19 Feb 2025 08:46:37 -0500

| CVE-2025-26594 | A use-after-free flaw was found in X.Org and Xwayland. The root cursor ... |
| CVE-2025-26595 | A buffer overflow flaw was found in X.Org and Xwayland. The code in Xk ... |
| CVE-2025-26596 | A heap overflow flaw was found in X.Org and Xwayland. The computation  ... |
| CVE-2025-26597 | A buffer overflow flaw was found in X.Org and Xwayland. If XkbChangeTy ... |
| CVE-2025-26598 | An out-of-bounds write flaw was found in X.Org and Xwayland. The funct ... |
| CVE-2025-26599 | An access to an uninitialized pointer flaw was found in X.Org and Xway ... |
| CVE-2025-26600 | A use-after-free flaw was found in X.Org and Xwayland. When a device i ... |
| CVE-2025-26601 | A use-after-free flaw was found in X.Org and Xwayland. When changing a ... |

xorg-server (2:21.1.4-2ubuntu1.7~22.04.12) jammy-security; urgency=medium

  * SECURITY UPDATE: Heap-based buffer overflow in _XkbSetCompatMap
    - debian/patches/CVE-2024-9632.patch: properly update size in
      xkb/xkb.c.
    - CVE-2024-9632

 -- Marc Deslauriers <email address hidden>  Fri, 11 Oct 2024 10:23:05 -0400

| CVE-2024-9632 | A flaw was found in the X.org server. Due to improperly tracked alloca ... |

xorg-server (2:21.1.4-2ubuntu1.7~22.04.11) jammy; urgency=medium

  * d/p/fix-suspend-resume-with-no-input-device.patch (LP: #2056331)
    - Make sure info->active and info->vt_active are false
      after dropping drm master.
    - Normally, this is done when pausing the first
      input device, so it breaks when there are no
      input device at all.

 -- Talha Can Havadar <email address hidden>  Fri, 12 Apr 2024 16:23:18 +0200

| 2056331 | [SRU] fix suspend/resume when there are no input devices |
    
    
        
        
        