Package "xorg-server"

Name: xorg-server


This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • Nested X server
  • Xorg X server - source files
  • Virtual Framebuffer 'fake' X server

Latest version: 2:21.1.3-2ubuntu2.3
Release: jammy (22.04)
Level: security
Repository: universe


Other versions of "xorg-server" in Jammy

Repository Area Version
base main 2:21.1.3-2ubuntu2
base universe 2:21.1.3-2ubuntu2
security main 2:21.1.3-2ubuntu2.3
updates main 2:21.1.3-2ubuntu2.4
updates universe 2:21.1.3-2ubuntu2.4

Packages in group

Deleted packages are displayed in grey.


Version: 2:21.1.3-2ubuntu2.3 2022-11-23 20:07:38 UTC

  xorg-server (2:21.1.3-2ubuntu2.3) jammy-security; urgency=medium

  * SECURITY UPDATE: GetCountedString Buffer Overflow
    - debian/patches/CVE-2022-3550.patch: add a check for client->req_len
      size for _GetCountedString in xkb/xkb.c.
    - CVE-2022-3550
  * SECURITY UPDATE: ProcXkbGetKbdByName Memory Leak
    - debian/patches/CVE-2022-3551.patch: add calls to free allocated
      memory if the execution reaches failures in ProcXkbGetKbdByName
      in xkb/xkb.c.
    - CVE-2022-3551

 -- Rodrigo Figueiredo Zaiden <email address hidden> Tue, 22 Nov 2022 16:22:28 -0300

Source diff to previous version
CVE-2022-3550 A vulnerability classified as critical was found in X.org Server. Affected by this vulnerability is the function _GetCountedString of the file xkb/xk
CVE-2022-3551 A vulnerability, which was classified as problematic, has been found in X.org Server. Affected by this issue is the function ProcXkbGetKbdByName of t

Version: 2:21.1.3-2ubuntu2.1 2022-07-12 16:06:29 UTC

  xorg-server (2:21.1.3-2ubuntu2.1) jammy-security; urgency=medium

  * SECURITY UPDATE: ProcXkbSetGeometry Out-Of-Bounds Access
    - debian/patches/CVE-2022-2319-pre1.patch: switch to array index loops
      to moving pointers in xkb/xkb.c.
    - debian/patches/CVE-2022-2319.patch: add request length validation for
      XkbSetGeometry in xkb/xkb.c.
    - CVE-2022-2319
  * SECURITY UPDATE: ProcXkbSetDeviceInfo Out-Of-Bounds Access
    - debian/patches/CVE-2022-2320.patch: swap XkbSetDeviceInfo and
      XkbSetDeviceInfoCheck in xkb/xkb.c.
    - CVE-2022-2320

 -- Marc Deslauriers <email address hidden> Wed, 06 Jul 2022 09:45:33 -0400

CVE-2022-2319 ZDI-CAN-16062: X.Org Server ProcXkbSetGeometry Out-Of-Bounds Access
CVE-2022-2320 ZDI-CAN-16070: X.Org Server ProcXkbSetDeviceInfo Out-Of-Bounds Access

About   -   Send Feedback to @ubuntu_updates