X.Org Server (aka xserver and xorg-server) before 1.16.3 and 1.17.x before 1.17.1 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (crash) via a crafted string length value in a XkbSetGeometry request.
2:1.15.1-0ubuntu2.72:1.16.0-1ubuntu1.2~trusty24.1.1+xorg4.3.0-37.3ubuntu24.1.1+xorg4.3.0-37ubuntu5.0.2+esm14.1.1+xorg4.3.0-37.3ubuntu2.1+esm1