Change log for xorg-server-hwe-16.04 package in Ubuntu
| 1 → 14 of 14 results | First • Previous • Next • Last |
xorg-server-hwe-16.04 (2:1.19.6-1ubuntu4.1~16.04.6) xenial-security; urgency=medium
* SECURITY UPDATE: XChangeFeedbackControl Integer Underflow
- debian/patches/CVE-2021-3472.patch: add check to Xi/chgfctl.c.
- CVE-2021-3472
-- Marc Deslauriers <email address hidden> Thu, 08 Apr 2021 09:42:05 -0400
Available diffs
xorg-server-hwe-16.04 (2:1.19.6-1ubuntu4.1~16.04.5) xenial-security; urgency=medium
* SECURITY UPDATE: out of bounds memory accesses on too short request
- debian/patches/CVE-2020-14360.patch: check SetMap request length
carefully in xkb/xkb.c.
- CVE-2020-14360
* SECURITY UPDATE: multiple heap overflows
- debian/patches/CVE-2020-25712.patch: add bounds checks in xkb/xkb.c.
- CVE-2020-25712
-- Marc Deslauriers <email address hidden> Mon, 30 Nov 2020 13:01:10 -0500
xorg-server-hwe-16.04 (2:1.19.6-1ubuntu4.1~16.04.4) xenial-security; urgency=medium
* SECURITY UPDATE: Out-Of-Bounds access in XkbSetNames function
- debian/patches/CVE-2020-14345.patch: correct bounds checking in
xkb/xkb.c.
- CVE-2020-14345
-- Marc Deslauriers <email address hidden> Fri, 04 Sep 2020 09:37:30 -0400
Available diffs
xorg-server-hwe-16.04 (2:1.19.6-1ubuntu4.1~16.04.3) xenial-security; urgency=medium
* SECURITY UPDATE: Integer underflow in the X input extension protocol
- debian/patches/CVE-2020-14346.patch: properly calculate length in
Xi/xichangehierarchy.c.
- CVE-2020-14346
* SECURITY UPDATE: server memory leak
- debian/patches/CVE-2020-14347.patch: initialize memory in
dix/pixmap.c.
- CVE-2020-14347
* SECURITY UPDATE: Integer Underflow Privilege Escalation
- debian/patches/CVE-2020-14361.patch: fix dataLeft calculation in
xkb/xkbSwap.c.
- CVE-2020-14361
* SECURITY UPDATE: Integer Underflow Privilege Escalation
- debian/patches/CVE-2020-14362.patch: properly calculate lengths in
record/record.c.
- CVE-2020-14362
-- Marc Deslauriers <email address hidden> Mon, 31 Aug 2020 10:21:14 -0400
Available diffs
xorg-server-hwe-16.04 (2:1.19.6-1ubuntu4.1~16.04.2) xenial-security; urgency=medium
* SECURITY UPDATE: Privilege escalation and file overwrite
- debian/patches/CVE-2018-14665.patch: disable -logfile and -modulepath
when running with elevated privileges in
hw/xfree86/common/xf86Init.c.
- CVE-2018-14665
-- Marc Deslauriers <email address hidden> Thu, 25 Oct 2018 11:22:30 -0400
Available diffs
xorg-server-hwe-16.04 (2:1.19.6-1ubuntu4.1~16.04.1) xenial; urgency=medium
* prime-sync-refactor.diff: Fix crash on modesetting+amdgpu hybrid.
(LP: #1789913)
-- Timo Aaltonen <email address hidden> Wed, 05 Sep 2018 14:31:56 +0300
Available diffs
xorg-server-hwe-16.04 (2:1.19.6-1ubuntu4~16.04.1) xenial; urgency=medium * Backport to xenial (LP: #1772632) - Revert dropping patches 105, 188, 191, and disable improve-outputclass.diff, in order not to regress nvidia -- Timo Aaltonen <email address hidden> Wed, 06 Jun 2018 14:23:44 +0300
Available diffs
xorg-server-hwe-16.04 (2:1.19.5-0ubuntu2~16.04.1) xenial; urgency=medium * Backport to xenial. (LP: #1716203) - disable xwayland-tablet.diff, not needed on xenial * control, rules: Drop -dbg package as it got mistakenly added back due to a merge. This package had migrated to -dbgsym earlier. -- Timo Aaltonen <email address hidden> Tue, 19 Sep 2017 14:52:44 +0300
xorg-server-hwe-16.04 (2:1.19.3-1ubuntu1~16.04.4) xenial-security; urgency=medium
* SECURITY UPDATE: unvalidated extra length in ProcEstablishConnection
- debian/patches/CVE-2017-12176.patch: add check to dix/dispatch.c.
- CVE-2017-12176
* SECURITY UPDATE: Unvalidated variable-length request in
ProcDbeGetVisualInfo
- debian/patches/CVE-2017-12177.patch: add check to dbe/dbe.c.
- CVE-2017-12177
* SECURITY UPDATE: wrong extra length check in ProcXIChangeHierarchy
- debian/patches/CVE-2017-12178.patch: fix length check in
Xi/xichangehierarchy.c.
- CVE-2017-12178
* SECURITY UPDATE: integer overflow and unvalidated length in
ProcXIBarrierReleasePointer
- debian/patches/CVE-2017-12179-1.patch: test exact size of
XIBarrierReleasePointer in Xi/xibarriers.c.
- debian/patches/CVE-2017-12179-2.patch: add checks to Xi/xibarriers.c.
- CVE-2017-12179
* SECURITY UPDATE: various unvalidated lengths
- debian/patches/CVE-2017-12180-12182.patch: add more checks to
Xext/vidmode.c, hw/xfree86/common/xf86DGA.c,
hw/xfree86/dri/xf86dri.c.
- CVE-2017-12180
- CVE-2017-12181
- CVE-2017-12182
* SECURITY UPDATE: more unvalidated lengths
- debian/patches/CVE-2017-12183.patch: add checks to xfixes/cursor.c,
xfixes/region.c, xfixes/saveset.c, xfixes/xfixes.c.
- CVE-2017-12183
* SECURITY UPDATE: even more unvalidated lengths
- debian/patches/CVE-2017-12184-12187.patch: add more checks to
Xext/panoramiX.c, Xext/saver.c, Xext/xres.c, Xext/xvdisp.c,
hw/dmx/dmxpict.c, pseudoramiX/pseudoramiX.c, render/render.c.
- CVE-2017-12184
- CVE-2017-12185
- CVE-2017-12186
- CVE-2017-12187
* debian/patches/os_big_requests.patch: make sure big requests have
sufficient length in os/io.c.
* debian/patches/xkb_escape_fix.patch: escape non-printable characters
correctly in xkb/xkbtext.c.
-- Marc Deslauriers <email address hidden> Fri, 13 Oct 2017 09:00:49 -0400
Available diffs
xorg-server-hwe-16.04 (2:1.19.3-1ubuntu1~16.04.3) xenial-security; urgency=medium
* SECURITY UPDATE: DoS or segment overwrite via shmseg resource id
- debian/patches/CVE-2017-13721.patch: validate shmseg resource id in
Xext/shm.c.
- CVE-2017-13721
* SECURITY UPDATE: buffer overflow via XKB data
- debian/patches/CVE-2017-13723.patch: handle xkb formatted string
output safely in xkb/xkbtext.c.
- CVE-2017-13723
-- Marc Deslauriers <email address hidden> Wed, 11 Oct 2017 13:56:12 -0400
Available diffs
xorg-server-hwe-16.04 (2:1.19.3-1ubuntu1~16.04.2) xenial; urgency=medium
* SECURITY UPDATE: DoS and possible code execution in endianness
conversion of X Events
- debian/patches/CVE-2017-10971-1.patch: do not try to swap
GenericEvent in Xi/sendexev.c.
- debian/patches/CVE-2017-10971-2.patch: verify all events in
ProcXSendExtensionEvent in Xi/sendexev.c.
- debian/patches/CVE-2017-10971-3.patch: disallow GenericEvent in
SendEvent request in dix/events.c, dix/swapreq.c.
- CVE-2017-10971
* SECURITY UPDATE: information leak in XEvent handling
- debian/patches/CVE-2017-10972.patch: zero target buffer in
SProcXSendExtensionEvent in Xi/sendexev.c.
- CVE-2017-10972
-- Marc Deslauriers <email address hidden> Tue, 25 Jul 2017 09:04:30 -0400
xorg-server-hwe-16.04 (2:1.18.4-1ubuntu6.1~16.04.2) xenial-security; urgency=medium
* SECURITY UPDATE: DoS and possible code execution in endianness
conversion of X Events
- debian/patches/CVE-2017-10971-1.patch: do not try to swap
GenericEvent in Xi/sendexev.c.
- debian/patches/CVE-2017-10971-2.patch: verify all events in
ProcXSendExtensionEvent in Xi/sendexev.c.
- debian/patches/CVE-2017-10971-3.patch: disallow GenericEvent in
SendEvent request in dix/events.c, dix/swapreq.c.
- CVE-2017-10971
* SECURITY UPDATE: information leak in XEvent handling
- debian/patches/CVE-2017-10972.patch: zero target buffer in
SProcXSendExtensionEvent in Xi/sendexev.c.
- CVE-2017-10972
* SECURITY UPDATE: MIT-MAGIC-COOKIES timing attack
- debian/patches/CVE-2017-2624.patch: use timingsafe_memcmp() in
configure.ac, include/dix-config.h.in, include/os.h,
os/mitauth.c, os/timingsafe_memcmp.c.
- CVE-2017-2624
-- Marc Deslauriers <email address hidden> Mon, 17 Jul 2017 13:16:04 -0400
Available diffs
| Superseded in xenial-proposed |
xorg-server-hwe-16.04 (2:1.19.3-1ubuntu1~16.04.1) xenial; urgency=medium * Backport for hwe-16.04 stack. (LP: #1687981) * control: Bump libwayland-dev build-dep to 1.11.0 which has the proxy wrappers. * rules: Clean files not needed on hwe pkgs and make dh_install happy. * control: Add dh-autoreconf back, needed on xenial. -- Timo Aaltonen <email address hidden> Thu, 04 May 2017 10:37:47 +0300
Available diffs
xorg-server-hwe-16.04 (2:1.18.4-1ubuntu6.1~16.04.1) xenial; urgency=medium * Backport for hwe-16.04 stack. * xmir.patch: Don't check for mir_event_type_input_device_state (FTBFS) -- Timo Aaltonen <email address hidden> Fri, 20 Jan 2017 00:18:35 +0200
| 1 → 14 of 14 results | First • Previous • Next • Last |
