xorg-server

Description Xorg X server
Version 1.20.8-3 [extra]

Open

Group Affected Fixed Severity Status Ticket
AVG-1211 1.20.8-2 Low Vulnerable
Issue Group Severity Remote Type Description
CVE-2020-14347 AVG-1211 Low No Information disclosure
The allocation for pixmap data in AllocatePixmap() in xserver does not initialize the memory, which leaks uninitialized heap memory to clients. When the X...

Resolved

Group Affected Fixed Severity Status Ticket
AVG-788 1.20.2-1 1.20.3-1 High Fixed
AVG-443 1.19.4-1 1.19.5-1 High Fixed
AVG-432 1.19.3-3 1.19.4-1 Medium Fixed
AVG-341 1.19.3-2 1.19.3-3 High Fixed
Issue Group Severity Remote Type Description
CVE-2018-14665 AVG-788 High Yes Privilege escalation
Incorrect command-line parameter validation in the Xorg X server can lead to privilege elevation and/or arbitrary file overwrite, when the X server is...
CVE-2017-13723 AVG-432 Medium No Arbitrary code execution
A stack buffer overflow was found in xkbtext.c, which didn't handle xkb formatted string output safely due to a single shared static buffer. The fix...
CVE-2017-13721 AVG-432 Low No Denial of service
A denial of service vulnerability was found in xorg-server in the ProcShmCreateSegment function due to a missing shmseg resource ids validation. A passed...
CVE-2017-12183 AVG-443 High Yes Arbitrary code execution
A security issue has been found in the xfixes component of xorg-server, where buffer lengths were not correctly validated.
CVE-2017-12178 AVG-443 High Yes Arbitrary code execution
A security issue has been found in the Xi component of xorg-server, due to an invalid length check in ProcXIChangeHierarchy.
CVE-2017-12177 AVG-443 High Yes Arbitrary code execution
A security issue has been found in the double buffer extension component of xorg-server, due to a missing validation of the length of a variable-length...
CVE-2017-12176 AVG-443 High Yes Arbitrary code execution
A security issue has been found in xorg-server, due to a missing validation of the extra length in ProcEstablishConnection().
CVE-2017-10972 AVG-341 High Yes Information disclosure
Uninitialized data in endianness conversion in the XEvent handling of the X.Org X Server on v1.19.3 and before allowed authenticated malicious users to...
CVE-2017-10971 AVG-341 High Yes Arbitrary code execution
In the X.Org X server on v.1.19.3, a user authenticated to an X Session could crash or execute code in the context of the X Server by exploiting a stack...

Advisories

Date Advisory Group Severity Description
29 Oct 2018 ASA-201810-15 AVG-788 High privilege escalation
21 Oct 2017 ASA-201710-29 AVG-443 High arbitrary code execution
08 Oct 2017 ASA-201710-10 AVG-432 Medium multiple issues
14 Aug 2017 ASA-201708-11 AVG-341 High multiple issues