xorg-server 2:1.18.4-0ubuntu0.3 source package in Ubuntu

Changelog

xorg-server (2:1.18.4-0ubuntu0.3) xenial-security; urgency=medium

  * SECURITY UPDATE: DoS and possible code execution in endianness
    conversion of X Events
    - debian/patches/CVE-2017-10971-1.patch: do not try to swap
      GenericEvent in Xi/sendexev.c.
    - debian/patches/CVE-2017-10971-2.patch: verify all events in
      ProcXSendExtensionEvent in Xi/sendexev.c.
    - debian/patches/CVE-2017-10971-3.patch: disallow GenericEvent in
      SendEvent request in dix/events.c, dix/swapreq.c.
    - CVE-2017-10971
  * SECURITY UPDATE: information leak in XEvent handling
    - debian/patches/CVE-2017-10972.patch: zero target buffer in
      SProcXSendExtensionEvent in Xi/sendexev.c.
    - CVE-2017-10972
  * SECURITY UPDATE: MIT-MAGIC-COOKIES timing attack
    - debian/patches/CVE-2017-2624.patch: use timingsafe_memcmp() in
      configure.ac, include/dix-config.h.in, include/os.h,
      os/mitauth.c, os/timingsafe_memcmp.c.
    - CVE-2017-2624

 -- Marc Deslauriers <email address hidden>  Mon, 17 Jul 2017 09:38:58 -0400

Upload details

Uploaded by:
Marc Deslauriers on 2017-07-17
Uploaded to:
Xenial
Original maintainer:
Ubuntu X-SWAT
Architectures:
any all
Section:
x11
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section
Xenial updates on 2017-07-24 main x11
Xenial security on 2017-07-24 main x11

Downloads

File Size SHA-256 Checksum
xorg-server_1.18.4.orig.tar.gz 8.0 MiB 4ba0e6c2c96650f1d1606572196143054005eb88d31c33b15a81d50886f26713
xorg-server_1.18.4-0ubuntu0.3.diff.gz 310.4 KiB 34791213efa31e288260f940bafa227077b03da36fe054ac47ea55751a15fadb
xorg-server_1.18.4-0ubuntu0.3.dsc 5.0 KiB 92b1c6ac331531b7e569b33f071e00eef3c303b6259a59963f85a49c1e1d3b05

View changes file

Binary packages built by this source

xdmx: distributed multihead X server

 Xdmx is a proxy X server that uses one or more other X servers as its
 display device(s). It provides multi-head X functionality for displays that
 might be located on different machines. Xdmx functions as a front-end X server
 that acts as a proxy to a set of back-end X servers. All of the visible
 rendering is passed to the back-end X servers. Clients connect to the Xdmx
 front-end, and everything appears as it would in a regular multi-head
 configuration. If Xinerama is enabled (e.g., with +xinerama on the command
 line), the clients see a single large screen.
 .
 More information about X.Org can be found at:
 <URL:http://www.X.org>
 .
 This package is built from the X.org xserver module.

xdmx-dbgsym: debug symbols for package xdmx

 Xdmx is a proxy X server that uses one or more other X servers as its
 display device(s). It provides multi-head X functionality for displays that
 might be located on different machines. Xdmx functions as a front-end X server
 that acts as a proxy to a set of back-end X servers. All of the visible
 rendering is passed to the back-end X servers. Clients connect to the Xdmx
 front-end, and everything appears as it would in a regular multi-head
 configuration. If Xinerama is enabled (e.g., with +xinerama on the command
 line), the clients see a single large screen.
 .
 More information about X.Org can be found at:
 <URL:http://www.X.org>
 .
 This package is built from the X.org xserver module.

xdmx-tools: Distributed Multihead X tools

 This package provides a collection of tools used for administration of
 the Xdmx server; see the xdmx package for more information.
 .
 More information about X.Org can be found at:
 <URL:http://www.X.org>
 .
 This package is built from the X.org xserver module.

xdmx-tools-dbgsym: debug symbols for package xdmx-tools

 This package provides a collection of tools used for administration of
 the Xdmx server; see the xdmx package for more information.
 .
 More information about X.Org can be found at:
 <URL:http://www.X.org>
 .
 This package is built from the X.org xserver module.

xmir: Xmir X server

 This package provides an X server running on top of Mir, using Mir
 input devices for input and forwarding either the root window or individual
 top-level windows as wayland surfaces.

xmir-dbgsym: debug symbols for package xmir

 This package provides an X server running on top of Mir, using Mir
 input devices for input and forwarding either the root window or individual
 top-level windows as wayland surfaces.

xnest: Nested X server

 Xnest is a nested X server that simply relays all its requests to another
 X server, where it runs as a client. This means that it appears as another
 window in your current X session. Xnest relies upon its parent X server
 for font services.
 .
 Use of the Xephyr X server instead of Xnest is recommended.
 .
 More information about X.Org can be found at:
 <URL:http://www.X.org>
 .
 This package is built from the X.org xserver module.

xnest-dbgsym: debug symbols for package xnest

 Xnest is a nested X server that simply relays all its requests to another
 X server, where it runs as a client. This means that it appears as another
 window in your current X session. Xnest relies upon its parent X server
 for font services.
 .
 Use of the Xephyr X server instead of Xnest is recommended.
 .
 More information about X.Org can be found at:
 <URL:http://www.X.org>
 .
 This package is built from the X.org xserver module.

xorg-server-source: Xorg X server - source files

 This package provides original Debian (with Debian patches already
 applied, and autotools files updated) sources for the X.Org ('Xorg')
 X server shipped in a tarball. This enables other projects re-using
 X server codebase (e.g. VNC servers) to (re-)use officially
 Debian-supported version of the X xserver for their builds.
 .
 Unless you are building a software product using X server sources,
 you probably want xserver-xorg and/or xserver-xorg-core instead.

xserver-common: common files used by various X servers

 This package provides files necessary for all X.Org based X servers.

xserver-xephyr: nested X server

 Xephyr is an X server that can be run inside another X server,
 much like Xnest. It is based on the kdrive X server, and as a
 result it supports newer extensions than Xnest, including render and
 composite.
 .
 More information about X.Org can be found at:
 <URL:http://www.X.org>
 .
 This package is built from the X.org xserver module.

xserver-xephyr-dbgsym: debug symbols for package xserver-xephyr

 Xephyr is an X server that can be run inside another X server,
 much like Xnest. It is based on the kdrive X server, and as a
 result it supports newer extensions than Xnest, including render and
 composite.
 .
 More information about X.Org can be found at:
 <URL:http://www.X.org>
 .
 This package is built from the X.org xserver module.

xserver-xorg-core: Xorg X server - core server

 The Xorg X server is an X server for several architectures and operating
 systems, which is derived from the XFree86 4.x series of X servers.
 .
 The Xorg server supports most modern graphics hardware from most vendors,
 and supersedes all XFree86 X servers.
 .
 More information about X.Org can be found at:
 <URL:http://www.X.org>
 .
 This package is built from the X.org xserver module.

xserver-xorg-core-dbg: Xorg - the X.Org X server (debugging symbols)

 The Xorg X server is an X server for several architectures and operating
 systems, which is derived from the XFree86 4.x series of X servers.
 .
 The Xorg server supports most modern graphics hardware from most vendors,
 and supersedes all XFree86 X servers.
 .
 This package provides debugging symbols for the Xorg X server and associated
 modules.

xserver-xorg-core-dbgsym: debug symbols for package xserver-xorg-core

 The Xorg X server is an X server for several architectures and operating
 systems, which is derived from the XFree86 4.x series of X servers.
 .
 The Xorg server supports most modern graphics hardware from most vendors,
 and supersedes all XFree86 X servers.
 .
 More information about X.Org can be found at:
 <URL:http://www.X.org>
 .
 This package is built from the X.org xserver module.

xserver-xorg-core-udeb: Xorg X server - core server

 This is a udeb, or a microdeb, for the debian-installer.

xserver-xorg-core-udeb-dbgsym: debug symbols for package xserver-xorg-core-udeb

 This is a udeb, or a microdeb, for the debian-installer.

xserver-xorg-dev: Xorg X server - development files

 This package provides development files for the X.Org ('Xorg') X server.
 This is not quite the same as the DDK (Driver Development Kit) from the
 XFree86 4.x and X.Org 6.7, 6.8 and 6.9 series of servers; it provides
 headers and a pkg-config file for drivers using autotools to build
 against.
 .
 Unless you are developing or building a driver, you probably want
 xserver-xorg and/or xserver-xorg-core instead.
 .
 More information about X.Org can be found at:
 <URL:http://www.X.org>
 .
 This package is built from the X.org xserver module.

xserver-xorg-legacy: setuid root Xorg server wrapper

 This package provides a wrapper for the Xorg X server, which is
 necessary for legacy drivers and non-Linux kernels.

xserver-xorg-legacy-dbgsym: debug symbols for package xserver-xorg-legacy

 This package provides a wrapper for the Xorg X server, which is
 necessary for legacy drivers and non-Linux kernels.

xserver-xorg-xmir: Xmir X server (transitional package)

 This is a transitional package to ease upgrades to xmir.
 It can be safely removed.

xvfb: Virtual Framebuffer 'fake' X server

 Xvfb provides an X server that can run on machines with no display hardware
 and no physical input devices. It emulates a dumb framebuffer using virtual
 memory. The primary use of this server was intended to be server testing,
 but other novel uses for it have been found, including testing clients
 against unusual depths and screen configurations, doing batch processing with
 Xvfb as a background rendering engine, load testing, as an aid to porting the
 X server to a new platform, and providing an unobtrusive way to run
 applications that don't really need an X server but insist on having one
 anyway.
 .
 This package also contains a convenience script called xvfb-run which
 simplifies the automated execution of X clients in a virtual server
 environment. This convenience script requires the use of the xauth
 program.
 .
 More information about X.Org can be found at:
 <URL:http://www.X.org>
 .
 This package is built from the X.org xserver module.

xvfb-dbgsym: debug symbols for package xvfb

 Xvfb provides an X server that can run on machines with no display hardware
 and no physical input devices. It emulates a dumb framebuffer using virtual
 memory. The primary use of this server was intended to be server testing,
 but other novel uses for it have been found, including testing clients
 against unusual depths and screen configurations, doing batch processing with
 Xvfb as a background rendering engine, load testing, as an aid to porting the
 X server to a new platform, and providing an unobtrusive way to run
 applications that don't really need an X server but insist on having one
 anyway.
 .
 This package also contains a convenience script called xvfb-run which
 simplifies the automated execution of X clients in a virtual server
 environment. This convenience script requires the use of the xauth
 program.
 .
 More information about X.Org can be found at:
 <URL:http://www.X.org>
 .
 This package is built from the X.org xserver module.

xwayland: Xwayland X server

 This package provides an X server running on top of wayland, using wayland
 input devices for input and forwarding either the root window or individual
 top-level windows as wayland surfaces.

xwayland-dbgsym: debug symbols for package xwayland

 This package provides an X server running on top of wayland, using wayland
 input devices for input and forwarding either the root window or individual
 top-level windows as wayland surfaces.