xorg-server 2:21.1.4-2ubuntu1.7~22.04.7 source package in Ubuntu

Changelog

xorg-server (2:21.1.4-2ubuntu1.7~22.04.7) jammy-security; urgency=medium

  * SECURITY UPDATE: Heap buffer overflow in DeviceFocusEvent and
    ProcXIQueryPointer
    - debian/patches/CVE-2023-6816.patch: allocate enough space for logical
      button maps in Xi/xiquerypointer.c, dix/enterleave.c.
    - CVE-2023-6816
  * SECURITY UPDATE: Reattaching to different master device may lead to
    out-of-bounds memory access
    - debian/patches/CVE-2024-0229-1.patch: allocate sufficient xEvents for
      our DeviceStateNotify in dix/enterleave.c.
    - debian/patches/CVE-2024-0229-2.patch: fix DeviceStateNotify event
      calculation in dix/enterleave.c.
    - debian/patches/CVE-2024-0229-3.patch: when creating a new
      ButtonClass, set the number of buttons in Xi/exevents.c.
    - debian/patches/CVE-2024-0229-4.patch: require a pointer and keyboard
      device for XIAttachToMaster in Xi/xichangehierarchy.c.
    - CVE-2024-0229
  * SECURITY UPDATE: SELinux unlabeled GLX PBuffer
    - debian/patches/CVE-2024-0408.patch: call XACE hooks on the GLX buffer
      in glx/glxcmds.c.
    - CVE-2024-0408
  * SECURITY UPDATE: SELinux context corruption
    - debian/patches/CVE-2024-0409.patch: use the proper private key for
      cursor in hw/kdrive/ephyr/ephyrcursor.c.
    - CVE-2024-0409
  * SECURITY UPDATE: Heap buffer overflow in XISendDeviceHierarchyEvent
    - debian/patches/CVE-2024-21885.patch: flush hierarchy events after
      adding/removing master devices in Xi/xichangehierarchy.c.
    - CVE-2024-21885
  * SECURITY UPDATE: Heap buffer overflow in DisableDevice
    - debian/patches/CVE-2024-21886-1.patch: do not keep linked list
      pointer during recursion in dix/devices.c.
    - debian/patches/CVE-2024-21886-2.patch: when disabling a master, float
      disabled slaved devices too in dix/devices.c.
    - CVE-2024-21886

 -- Marc Deslauriers <email address hidden>  Mon, 15 Jan 2024 10:45:41 -0500

Upload details

Uploaded by: Marc Deslauriers
Uploaded to: Jammy
Original maintainer: Ubuntu X-SWAT
Architectures: any all
Section: x11
Urgency: Medium Urgency

Downloads

File Size SHA-256 Checksum
xorg-server_21.1.4.orig.tar.gz 8.6 MiB cbd5a1f75881e8a341823e51e489281aee0912c7023b4eed170b26b18f617e36
xorg-server_21.1.4.orig.tar.gz.asc 488 bytes 811b5da6defa1ffc8e0d5191ceefb6357e4cad5a06617bad178c5c13775aa3ce
xorg-server_21.1.4-2ubuntu1.7~22.04.7.diff.gz 240.2 KiB ef4bef59c13bac988e2639d4c56d1b710233c2235f102b2d93b614fbebe64819
xorg-server_21.1.4-2ubuntu1.7~22.04.7.dsc 4.3 KiB 0e0a84de88912ca52d30f19111c4a23661f3990dbd573fa480eda5404b99749e

Binary packages built by this source

xnest: Nested X server

 Xnest is a nested X server that simply relays all its requests to another
 X server, where it runs as a client. This means that it appears as another
 window in your current X session. Xnest relies upon its parent X server
 for font services.
 .
 Use of the Xephyr X server instead of Xnest is recommended.
 .
 More information about X.Org can be found at:
 <URL:https://www.x.org>
 .
 This package is built from the X.org xserver module.

xnest-dbgsym: debug symbols for xnest
xorg-server-source: Xorg X server - source files

 This package provides original Debian (with Debian patches already
 applied, and autotools files updated) sources for the X.Org ('Xorg')
 X server shipped in a tarball. This enables other projects re-using
 X server codebase (e.g. VNC servers) to (re-)use officially
 Debian-supported version of the X xserver for their builds.
 .
 Unless you are building a software product using X server sources,
 you probably want xserver-xorg and/or xserver-xorg-core instead.

xserver-common: common files used by various X servers

 This package provides files necessary for all X.Org based X servers.

xserver-xephyr: nested X server

 Xephyr is an X server that can be run inside another X server,
 much like Xnest. It is based on the kdrive X server, and as a
 result it supports newer extensions than Xnest, including render and
 composite.
 .
 More information about X.Org can be found at:
 <URL:https://www.x.org>
 .
 This package is built from the X.org xserver module.

xserver-xephyr-dbgsym: debug symbols for xserver-xephyr
xserver-xorg-core: Xorg X server - core server

 The Xorg X server is an X server for several architectures and operating
 systems, which is derived from the XFree86 4.x series of X servers.
 .
 The Xorg server supports most modern graphics hardware from most vendors,
 and supersedes all XFree86 X servers.
 .
 More information about X.Org can be found at:
 <URL:https://www.x.org>
 .
 This package is built from the X.org xserver module.

xserver-xorg-core-dbgsym: debug symbols for xserver-xorg-core
xserver-xorg-dev: Xorg X server - development files

 This package provides development files for the X.Org ('Xorg') X server.
 This is not quite the same as the DDK (Driver Development Kit) from the
 XFree86 4.x and X.Org 6.7, 6.8 and 6.9 series of servers; it provides
 headers and a pkg-config file for drivers using autotools to build
 against.
 .
 Unless you are developing or building a driver, you probably want
 xserver-xorg and/or xserver-xorg-core instead.
 .
 More information about X.Org can be found at:
 <URL:https://www.x.org>
 .
 This package is built from the X.org xserver module.

xserver-xorg-legacy: setuid root Xorg server wrapper

 This package provides a wrapper for the Xorg X server, which is
 necessary for legacy drivers and non-Linux kernels.

xserver-xorg-legacy-dbgsym: debug symbols for xserver-xorg-legacy
xvfb: Virtual Framebuffer 'fake' X server

 Xvfb provides an X server that can run on machines with no display hardware
 and no physical input devices. It emulates a dumb framebuffer using virtual
 memory. The primary use of this server was intended to be server testing,
 but other novel uses for it have been found, including testing clients
 against unusual depths and screen configurations, doing batch processing with
 Xvfb as a background rendering engine, load testing, as an aid to porting the
 X server to a new platform, and providing an unobtrusive way to run
 applications that don't really need an X server but insist on having one
 anyway.
 .
 This package also contains a convenience script called xvfb-run which
 simplifies the automated execution of X clients in a virtual server
 environment. This convenience script requires the use of the xauth
 program.
 .
 More information about X.Org can be found at:
 <URL:https://www.x.org>
 .
 This package is built from the X.org xserver module.

xvfb-dbgsym: debug symbols for xvfb