Changelog

xorg-server (2:1.16.4-1+deb8u2) jessie-security; urgency=high

  * render: Fix out of boundary heap access
  * Xext/shm: Validate shmseg resource id (CVE-2017-13721)
  * xkb: Escape non-printable characters correctly.
  * xkb: Handle xkb formatted string output safely (CVE-2017-13723)
  * os: Make sure big requests have sufficient length.
  * Unvalidated lengths in
    - XFree86-VidModeExtension (CVE-2017-12180)
    - XFree86-DGA (CVE-2017-12181)
    - XFree86-DRI (CVE-2017-12182)
    - XFIXES (CVE-2017-12183)
    - XINERAMA (CVE-2017-12184)
    - MIT-SCREEN-SAVER (CVE-2017-12185)
    - X-Resource (CVE-2017-12186)
    - RENDER (CVE-2017-12187)
  * Xi: Test exact size of XIBarrierReleasePointer
  * Xi: integer overflow and unvalidated length in
    (S)ProcXIBarrierReleasePointer (CVE-2017-12179)
  * Xi: Silence some tautological warnings
  * Xi: fix wrong extra length check in ProcXIChangeHierarchy (CVE-2017-12178)
  * dbe: Unvalidated variable-length request in ProcDbeGetVisualInfo (CVE-2017-12177)
  * Unvalidated extra length in ProcEstablishConnection (CVE-2017-12176)
  * Use timingsafe_memcmp() to compare MIT-MAGIC-COOKIES (CVE-2017-2624)
  * Xwayland: enable access control and default to just the local user (CVE-2015-3164)

 -- Julien Cristau <email address hidden>  Sat, 14 Oct 2017 12:35:36 +0200
