CVE-2017-12180

Published: 12 October 2017

xorg-x11-server before 1.19.5 was missing length validation in XFree86 VidModeExtension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.

Priority

Medium

CVSS 3 base score: 9.8

Status

Package Release Status
xorg
Launchpad, Ubuntu, Debian
Upstream Not vulnerable

Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable
(code not present)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was not-affected [code not present])
xorg-hwe-16.04
Launchpad, Ubuntu, Debian
Upstream Not vulnerable

Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable
(code not present)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

xorg-server
Launchpad, Ubuntu, Debian
Upstream
Released (1.19.5)
Ubuntu 16.04 ESM (Xenial Xerus)
Released (2:1.18.4-0ubuntu0.7)
Ubuntu 14.04 ESM (Trusty Tahr)
Released (2:1.15.1-0ubuntu2.11)
Patches:
Upstream: https://cgit.freedesktop.org/xorg/xserver/commit/?id=1b1d4c04695dced2463404174b50b3581dbd857b
xorg-server-hwe-16.04
Launchpad, Ubuntu, Debian
Upstream
Released (1.19.5)
Ubuntu 16.04 ESM (Xenial Xerus)
Released (2:1.19.3-1ubuntu1~16.04.4)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

xorg-server-lts-utopic
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was ignored [reached end-of-life])
xorg-server-lts-vivid
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was ignored [reached end-of-life])
xorg-server-lts-wily
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was ignored [reached end-of-life])
xorg-server-lts-xenial
Launchpad, Ubuntu, Debian
Upstream
Released (1.19.5)
Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was released [2:1.18.3-1ubuntu2.3~trusty4])