xorg-server

Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description Xorg X server
Version 1.20.6-1 [extra]

Resolved

Group Affected Fixed Severity Status Ticket
AVG-788 1.20.2-1 1.20.3-1 High Fixed
AVG-443 1.19.4-1 1.19.5-1 High Fixed
AVG-432 1.19.3-3 1.19.4-1 Medium Fixed
AVG-341 1.19.3-2 1.19.3-3 High Fixed
Issue Group Severity Remote Type Description
CVE-2018-14665 AVG-788 High Yes Privilege escalation
Incorrect command-line parameter validation in the Xorg X server can lead to privilege elevation and/or arbitrary files overwrite, when the X server is...
CVE-2017-13723 AVG-432 Medium No Arbitrary code execution
A stack buffer overflow was found in xkbtext.c, which didn't handle xkb formatted string output safely due to a single shared static buffer. The fix...
CVE-2017-13721 AVG-432 Low No Denial of service
A denial of service vulnerability was found in xorg-server in the ProcShmCreateSegment function due to a missing shmseg resource ids validation. A passed...
CVE-2017-12183 AVG-443 High Yes Arbitrary code execution
A security issue has been found in the xfixes component of xorg- server, where buffer lengths were not correctly validated.
CVE-2017-12178 AVG-443 High Yes Arbitrary code execution
A security issue has been found in the Xi component of xorg-server, due to an invalid length check in ProcXIChangeHierarchy.
CVE-2017-12177 AVG-443 High Yes Arbitrary code execution
A security issue has been found in the double buffer extension component of xorg-server, due to a missing validation of the length of a variable-length...
CVE-2017-12176 AVG-443 High Yes Arbitrary code execution
A security issue has been found in xorg-server, due to a missing validation of the extra length in ProcEstablishConnection().
CVE-2017-10972 AVG-341 High Yes Information disclosure
Uninitialized data in endianness conversion in the XEvent handling of the X.Org X Server on v1.19.3 and before allowed authenticated malicious users to...
CVE-2017-10971 AVG-341 High Yes Arbitrary code execution
In the X.Org X server on v.1.19.3, a user authenticated to an X Session could crash or execute code in the context of the X Server by exploiting a stack...

Advisories

Date Advisory Group Severity Description
29 Oct 2018 ASA-201810-15 AVG-788 High privilege escalation
21 Oct 2017 ASA-201710-29 AVG-443 High arbitrary code execution
08 Oct 2017 ASA-201710-10 AVG-432 Medium multiple issues
14 Aug 2017 ASA-201708-11 AVG-341 High multiple issues