CVE-2017-12185

Published: 12 October 2017

xorg-x11-server before 1.19.5 was missing length validation in MIT-SCREEN-SAVER extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.

Priority

Medium

CVSS 3 base score: 9.8

Status

Package Release Status
xorg
Launchpad, Ubuntu, Debian
Upstream Not vulnerable

Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable
(code not present)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was not-affected [code not present])
xorg-hwe-16.04
Launchpad, Ubuntu, Debian
Upstream Not vulnerable

Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable
(code not present)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

xorg-server
Launchpad, Ubuntu, Debian
Upstream
Released (1.19.5)
Ubuntu 16.04 ESM (Xenial Xerus)
Released (2:1.18.4-0ubuntu0.7)
Ubuntu 14.04 ESM (Trusty Tahr)
Released (2:1.15.1-0ubuntu2.11)
Patches:
Upstream: https://cgit.freedesktop.org/xorg/xserver/commit/?id=cad5a1050b7184d828aef9c1dd151c3ab649d37e
xorg-server-hwe-16.04
Launchpad, Ubuntu, Debian
Upstream
Released (1.19.5)
Ubuntu 16.04 ESM (Xenial Xerus)
Released (2:1.19.3-1ubuntu1~16.04.4)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

xorg-server-lts-utopic
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was ignored [reached end-of-life])
xorg-server-lts-vivid
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was ignored [reached end-of-life])
xorg-server-lts-wily
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was ignored [reached end-of-life])
xorg-server-lts-xenial
Launchpad, Ubuntu, Debian
Upstream
Released (1.19.5)
Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was released [2:1.18.3-1ubuntu2.3~trusty4])