CVE-2014-8096

Publication date 9 December 2014

Last updated 24 July 2024

Ubuntu priority

The SProcXCMiscGetXIDList function in the XC-MISC extension in X.Org X Window System (aka X11 or X) X11R6.0 and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
xorg-server	14.10 utopic	Fixed 2:1.16.0-1ubuntu1.1
	14.04 LTS trusty	Fixed 2:1.15.1-0ubuntu2.4
	12.04 LTS precise	Fixed 2:1.11.4-0ubuntu10.15
	10.04 LTS lucid	Ignored end of life
xorg-server-lts-trusty	14.10 utopic	Not in release
	14.04 LTS trusty	Not in release
	12.04 LTS precise	Fixed 2:1.15.1-0ubuntu2~precise3
	10.04 LTS lucid	Not in release

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-2436-1
X.Org X server vulnerabilities
9 December 2014

Other references

http://www.x.org/wiki/Development/Security/Advisory-2014-12-09/
https://www.cve.org/CVERecord?id=CVE-2014-8096