UBUNTU-CVE-2015-0255

Details

X.Org Server (aka xserver and xorg-server) before 1.16.3 and 1.17.x before 1.17.1 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (crash) via a crafted string length value in a XkbSetGeometry request.

Affected Packages

Ubuntu:Pro:14.04:LTSvnc4

Affected versions:

4.1.1+xorg4.3.0-37ubuntu54.1.1+xorg4.3.0-37ubuntu5.0.14.1.1+xorg4.3.0-37ubuntu5.0.2

Fixed in:

4.1.1+xorg4.3.0-37ubuntu5.0.2+esm1

Ubuntu:Pro:16.04:LTSvnc4

Affected versions:

4.1.1+xorg4.3.0-37.3ubuntu2

Fixed in:

4.1.1+xorg4.3.0-37.3ubuntu2.1+esm1

Ubuntu:Pro:18.04:LTSvnc4

Affected versions:

4.1.1+xorg4.3.0-37.3ubuntu2

Ubuntu:16.04:LTSvnc4

Affected versions:

4.1.1+xorg4.3.0-37.3ubuntu2

Ubuntu:18.04:LTSvnc4

Affected versions:

4.1.1+xorg4.3.0-37.3ubuntu2

Ubuntu:14.04:LTSxorg-server

Affected versions:

2:1.14.3-3ubuntu22:1.14.3-3ubuntu32:1.14.3-3ubuntu42:1.14.3-5ubuntu12:1.14.4-1ubuntu12:1.14.4-1ubuntu22:1.14.4.901-0ubuntu22:1.14.5-1ubuntu22:1.14.5-1ubuntu42:1.15.0-1ubuntu1+11 more

Fixed in:

2:1.15.1-0ubuntu2.7

Ubuntu:14.04:LTSxorg-server-lts-utopic

Affected versions:

2:1.16.0-1ubuntu1.2~trusty1

Fixed in:

2:1.16.0-1ubuntu1.2~trusty2

References

REPORThttp://www.openwall.com/lists/oss-security/2015/02/10/18 REPORThttps://ubuntu.com/security/CVE-2015-0255 REPORThttps://ubuntu.com/security/notices/USN-2500-1 REPORThttps://ubuntu.com/security/notices/USN-4772-1 REPORThttps://www.cve.org/CVERecord?id=CVE-2015-0255

UBUNTU-CVE-2015-0255

Details

Affected Packages

References

Related

Ecosystems

Timeline