CVE-2015-0255

Published: 11 February 2015

X.Org Server (aka xserver and xorg-server) before 1.16.3 and 1.17.x before 1.17.1 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (crash) via a crafted string length value in a XkbSetGeometry request.

From the Ubuntu Security Team

USN-2500-1 addressed CVE-2015-0255 for xorg-server. This update provides the corresponding fix for VNC4 on Ubuntu 14.04 ESM.

Priority

Status

Package	Release	Status
vnc4 Launchpad, Ubuntu, Debian	artful	Ignored (reached end-of-life)
	bionic	Needed
	cosmic	Ignored (reached end-of-life)
	disco	Not vulnerable (transitional package)
	eoan	Not vulnerable (transitional package)
	focal	Does not exist
	groovy	Does not exist
	hirsute	Does not exist
	impish	Does not exist
	jammy	Does not exist
	kinetic	Does not exist
	lucid	Ignored (reached end-of-life)
	lunar	Does not exist
	precise	Ignored (reached end-of-life)
	trusty	Released (4.1.1+xorg4.3.0-37ubuntu5.0.2+esm1)
	upstream	Needed
	utopic	Ignored (reached end-of-life)
	vivid	Ignored (reached end-of-life)
	wily	Ignored (reached end-of-life)
	xenial	Released (4.1.1+xorg4.3.0-37.3ubuntu2.1+esm1)
	yakkety	Ignored (reached end-of-life)
	zesty	Ignored (reached end-of-life)
	Patches: upstream: http://cgit.freedesktop.org/xorg/xserver/commit/?id=81c90dc8f0aae3b65730409b1b615b5fa7280ebd (p1) upstream: http://cgit.freedesktop.org/xorg/xserver/commit/?id=20079c36cf7d377938ca5478447d8b9045cb7d43 (p2)
xorg-server Launchpad, Ubuntu, Debian	artful	Released (2:1.16.2.901-1ubuntu4)
	bionic	Released (2:1.16.2.901-1ubuntu4)
	cosmic	Released (2:1.16.2.901-1ubuntu4)
	disco	Released (2:1.16.2.901-1ubuntu4)
	eoan	Released (2:1.16.2.901-1ubuntu4)
	focal	Released (2:1.16.2.901-1ubuntu4)
	groovy	Released (2:1.16.2.901-1ubuntu4)
	hirsute	Released (2:1.16.2.901-1ubuntu4)
	impish	Released (2:1.16.2.901-1ubuntu4)
	jammy	Released (2:1.16.2.901-1ubuntu4)
	kinetic	Released (2:1.16.2.901-1ubuntu4)
	lucid	Ignored (reached end-of-life)
	lunar	Released (2:1.16.2.901-1ubuntu4)
	precise	Released (2:1.11.4-0ubuntu10.17)
	trusty	Released (2:1.15.1-0ubuntu2.7)
	upstream	Needed
	utopic	Released (2:1.16.0-1ubuntu1.3)
	vivid	Released (2:1.16.2.901-1ubuntu4)
	wily	Released (2:1.16.2.901-1ubuntu4)
	xenial	Released (2:1.16.2.901-1ubuntu4)
	yakkety	Released (2:1.16.2.901-1ubuntu4)
	zesty	Released (2:1.16.2.901-1ubuntu4)
	Patches: upstream: http://cgit.freedesktop.org/xorg/xserver/commit/?id=81c90dc8f0aae3b65730409b1b615b5fa7280ebd (p1) upstream: http://cgit.freedesktop.org/xorg/xserver/commit/?id=20079c36cf7d377938ca5478447d8b9045cb7d43 (p2)
xorg-server-lts-quantal Launchpad, Ubuntu, Debian	artful	Does not exist
	bionic	Does not exist
	cosmic	Does not exist
	disco	Does not exist
	eoan	Does not exist
	focal	Does not exist
	groovy	Does not exist
	hirsute	Does not exist
	impish	Does not exist
	jammy	Does not exist
	kinetic	Does not exist
	lucid	Does not exist
	lunar	Does not exist
	precise	Ignored (reached end-of-life)
	trusty	Does not exist
	upstream	Needs triage
	utopic	Does not exist
	vivid	Does not exist
	wily	Does not exist
	xenial	Does not exist
	yakkety	Does not exist
	zesty	Does not exist
xorg-server-lts-raring Launchpad, Ubuntu, Debian	artful	Does not exist
	bionic	Does not exist
	cosmic	Does not exist
	disco	Does not exist
	eoan	Does not exist
	focal	Does not exist
	groovy	Does not exist
	hirsute	Does not exist
	impish	Does not exist
	jammy	Does not exist
	kinetic	Does not exist
	lucid	Does not exist
	lunar	Does not exist
	precise	Ignored (reached end-of-life)
	trusty	Does not exist
	upstream	Needs triage
	utopic	Does not exist
	vivid	Does not exist
	wily	Does not exist
	xenial	Does not exist
	yakkety	Does not exist
	zesty	Does not exist
xorg-server-lts-saucy Launchpad, Ubuntu, Debian	artful	Does not exist
	bionic	Does not exist
	cosmic	Does not exist
	disco	Does not exist
	eoan	Does not exist
	focal	Does not exist
	groovy	Does not exist
	hirsute	Does not exist
	impish	Does not exist
	jammy	Does not exist
	kinetic	Does not exist
	lucid	Does not exist
	lunar	Does not exist
	precise	Ignored (reached end-of-life)
	trusty	Does not exist
	upstream	Needs triage
	utopic	Does not exist
	vivid	Does not exist
	wily	Does not exist
	xenial	Does not exist
	yakkety	Does not exist
	zesty	Does not exist
xorg-server-lts-trusty Launchpad, Ubuntu, Debian	artful	Does not exist
	bionic	Does not exist
	cosmic	Does not exist
	disco	Does not exist
	eoan	Does not exist
	focal	Does not exist
	groovy	Does not exist
	hirsute	Does not exist
	impish	Does not exist
	jammy	Does not exist
	kinetic	Does not exist
	lucid	Does not exist
	lunar	Does not exist
	precise	Released (2:1.15.1-0ubuntu2~precise5)
	trusty	Does not exist
	upstream	Needs triage
	utopic	Does not exist
	vivid	Does not exist
	wily	Does not exist
	xenial	Does not exist
	yakkety	Does not exist
	zesty	Does not exist
xorg-server-lts-utopic Launchpad, Ubuntu, Debian	artful	Does not exist
	bionic	Does not exist
	cosmic	Does not exist
	disco	Does not exist
	eoan	Does not exist
	focal	Does not exist
	groovy	Does not exist
	hirsute	Does not exist
	impish	Does not exist
	jammy	Does not exist
	kinetic	Does not exist
	lucid	Does not exist
	lunar	Does not exist
	precise	Does not exist
	trusty	Released (2:1.16.0-1ubuntu1.2~trusty2)
	upstream	Needs triage
	utopic	Does not exist
	vivid	Does not exist
	wily	Does not exist
	xenial	Does not exist
	yakkety	Does not exist
	zesty	Does not exist

References

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›