UbuntuUpdates.org

Package "xserver-xorg-dev"

Name: xserver-xorg-dev

Description:

Xorg X server - development files

Latest version: 2:1.11.4-0ubuntu10.17
Release: precise (12.04)
Level: security
Repository: main
Head package: xorg-server

Links

Save this URL for the latest version of "xserver-xorg-dev": https://www.ubuntuupdates.org/xserver-xorg-dev


Download "xserver-xorg-dev"


Other versions of "xserver-xorg-dev" in Precise

Repository Area Version
base main 2:1.11.4-0ubuntu10
updates main 2:1.11.4-0ubuntu10.17
PPA: xorg-edgers 2:1.12.3+git20120709+server-1.12-branch.60e0d205-0ubuntu0ricotz~precise

Changelog

Version: 2:1.11.4-0ubuntu10.17 2015-02-17 13:07:00 UTC

  xorg-server (2:1.11.4-0ubuntu10.17) precise-security; urgency=medium

  * SECURITY UPDATE: information leak and denial of service in
    XkbSetGeometry
    - debian/patches/CVE-2015-0255.patch: properly check lengths in
      xkb/xkb.c.
    - CVE-2015-0255
  * SECURITY UPDATE: denial of service via invalid trapezoid (LP: #1197921)
    - debian/patches/CVE-2013-6424.patch: don't render invalid trapezoids
      in exa/exa_render.c, fix underflow in render/picture.h.
    - CVE-2013-6424
  * debian/patches/CVE-2014-8xxx/0038-CVE-2014-8092-*: fix regression in
    previous security update by allowing zero-height PutImage requests in
    dix/dispatch.c.
 -- Marc Deslauriers <email address hidden> Thu, 12 Feb 2015 08:57:17 -0500

Source diff to previous version
CVE-2015-0255 X.Org Server (aka xserver and xorg-server) before 1.16.3 and 1.17.x before 1.17.1 allows remote attackers to obtain sensitive information from proces
CVE-2013-6424 Integer underflow in the xTrapezoidValid macro in render/picture.h in X.Org allows context-dependent attackers to cause a denial of service (crash) v
CVE-2014-8092 intger overflows in X11 core protocol requests

Version: 2:1.11.4-0ubuntu10.16 2014-12-10 03:06:36 UTC

  xorg-server (2:1.11.4-0ubuntu10.16) precise-security; urgency=medium

  * SECURITY UPDATE: Dec 2014 security issues - additional fixes
    - debian/patches/CVE-2014-8xxx/003[467]*.patch: add additional fixes
      not included in original pre-advisory bundle.
 -- Marc Deslauriers <email address hidden> Tue, 09 Dec 2014 17:22:41 -0500

Source diff to previous version

Version: 2:1.11.4-0ubuntu10.15 2014-12-09 20:06:31 UTC

  xorg-server (2:1.11.4-0ubuntu10.15) precise-security; urgency=medium

  * SECURITY UPDATE: Dec 2014 protocol handling security issues
    - debian/patches/CVE-2014-8xxx/*.patch: patches from upstream to fix
      a multitude of security issues, including a couple of pre-requisite
      fixes from git.
    - CVE-2014-8091
    - CVE-2014-8092
    - CVE-2014-8093
    - CVE-2014-8094
    - CVE-2014-8095
    - CVE-2014-8096
    - CVE-2014-8097
    - CVE-2014-8098
    - CVE-2014-8099
    - CVE-2014-8100
    - CVE-2014-8101
    - CVE-2014-8102
 -- Marc Deslauriers <email address hidden> Fri, 05 Dec 2014 12:48:25 -0500

Source diff to previous version
CVE-2014-8091 denial of service due to unchecked malloc in client authentication
CVE-2014-8092 intger overflows in X11 core protocol requests
CVE-2014-8093 integer overflows in GLX extension
CVE-2014-8094 integer overflows in DRI2 extensions
CVE-2014-8095 out of bounds access in XInput extensions
CVE-2014-8096 out of bounds access in XC-MISC extension
CVE-2014-8097 out of bounds access in DBE extension
CVE-2014-8098 out of bounds access in GLX extension
CVE-2014-8099 out of bounds access in XVideo extension
CVE-2014-8100 out of bounds access in Render extension
CVE-2014-8101 out of bounds access in RandR extension
CVE-2014-8102 out of bounds access in XFixes extension

Version: 2:1.11.4-0ubuntu10.14 2013-10-17 18:06:52 UTC

  xorg-server (2:1.11.4-0ubuntu10.14) precise-security; urgency=low

  * SECURITY UPDATE: denial of service and possible code execution via
    use after free in ImageText request handling.
    - debian/patches/CVE-2013-4396.patch: avoid use after free in
      dix/dixfonts.c.
    - CVE-2013-4396
  * SECURITY UPDATE: unsafe use of xkb cache files
    - debian/patches/190_cache-xkbcomp_output_for_fast_start_up.patch:
      updated to not use xkb cache files in /tmp when running a non-root
      server.
    - CVE-2013-1056
 -- Marc Deslauriers <email address hidden> Wed, 16 Oct 2013 07:31:05 -0400

Source diff to previous version
CVE-2013-4396 Use-after-free vulnerability in the doImageText function in ...
CVE-2013-1056 RESERVED

Version: 2:1.11.4-0ubuntu10.13 2013-04-17 18:07:29 UTC

  xorg-server (2:1.11.4-0ubuntu10.13) precise-security; urgency=low

  * SECURITY UPDATE: input event leak via inactive VT
    - debian/patches/CVE-2013-1940.patch: fix flush input to work with
      Linux evdev devices in hw/xfree86/os-support/shared/posix_tty.c.
    - CVE-2013-1940
 -- Marc Deslauriers <email address hidden> Thu, 11 Apr 2013 08:18:09 -0400

CVE-2013-1940 RESERVED



About   -   Send Feedback to @ubuntu_updates