Your submission was sent successfully! Close

You have successfully unsubscribed! Close

CVE-2017-12182

Published: 12 October 2017

xorg-x11-server before 1.19.5 was missing length validation in XFree86 DRI extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.

Notes

AuthorNote
mdeslaur 
same commit as CVE-2017-12180

Priority

Medium

CVSS 3 base score: 9.8

Status

Package Release Status
xorg
Launchpad, Ubuntu, Debian 		precise Does not exist

trusty Does not exist
(trusty was not-affected [code not present])
upstream Not vulnerable

xenial Not vulnerable
(code not present)
zesty Not vulnerable
(code not present)
xorg-hwe-16.04
Launchpad, Ubuntu, Debian 		precise Does not exist

trusty Does not exist

upstream Not vulnerable

xenial Not vulnerable
(code not present)
zesty Does not exist

xorg-server
Launchpad, Ubuntu, Debian 		precise Does not exist

trusty
Released (2:1.15.1-0ubuntu2.11)
upstream
Released (1.19.5)
xenial
Released (2:1.18.4-0ubuntu0.7)
zesty
Released (2:1.19.3-1ubuntu1.3)
Patches:
upstream: https://cgit.freedesktop.org/xorg/xserver/commit/?id=1b1d4c04695dced2463404174b50b3581dbd857b
xorg-server-hwe-16.04
Launchpad, Ubuntu, Debian 		precise Does not exist

trusty Does not exist

upstream
Released (1.19.5)
xenial
Released (2:1.19.3-1ubuntu1~16.04.4)
zesty Does not exist

xorg-server-lts-utopic
Launchpad, Ubuntu, Debian 		precise Does not exist

trusty Does not exist
(trusty was ignored [reached end-of-life])
upstream Needs triage

xenial Does not exist

zesty Does not exist

xorg-server-lts-vivid
Launchpad, Ubuntu, Debian 		precise Does not exist

trusty Does not exist
(trusty was ignored [reached end-of-life])
upstream Needs triage

xenial Does not exist

zesty Does not exist

xorg-server-lts-wily
Launchpad, Ubuntu, Debian 		precise Does not exist

trusty Does not exist
(trusty was ignored [reached end-of-life])
upstream Needs triage

xenial Does not exist

zesty Does not exist

xorg-server-lts-xenial
Launchpad, Ubuntu, Debian 		precise Does not exist

trusty Does not exist
(trusty was released [2:1.18.3-1ubuntu2.3~trusty4])
upstream
Released (1.19.5)
xenial Does not exist

zesty Does not exist

References

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

Further reading