USN-2500-1

Details

Olivier Fourdan discovered that the X.Org X server incorrectly handled XkbSetGeometry requests resulting in an information leak. An attacker able to connect to an X server, either locally or remotely, could use this issue to possibly obtain sensitive information. (CVE-2015-0255)

It was discovered that the X.Org X server incorrectly handled certain trapezoids. An attacker able to connect to an X server, either locally or remotely, could use this issue to possibly crash the server. This issue only affected Ubuntu 12.04 LTS. (CVE-2013-6424)

Affected Packages

xorg-server

Ubuntu 14.04 LTS

Fixed in:

2:1.15.1-0ubuntu2.7

xorg-server-lts-utopic

Ubuntu 14.04 LTS

Fixed in:

2:1.16.0-1ubuntu1.2~trusty2

References

REPORT

https://ubuntu.com/security/CVE-2013-6424

REPORT

https://ubuntu.com/security/CVE-2015-0255

ADVISORY

https://ubuntu.com/security/notices/USN-2500-1