Your submission was sent successfully! Close

CVE-2017-13723

Published: 9 October 2017

In X.Org Server (aka xserver and xorg-server) before 1.19.4, a local attacker authenticated to the X server could overflow a global buffer, causing crashes of the X server or potentially other problems by injecting large or malformed XKB related atoms and accessing them via xkbcomp.

Priority

Medium

CVSS 3 base score: 7.8

Status

Package Release Status
xorg
Launchpad, Ubuntu, Debian
precise Does not exist

trusty Does not exist
(trusty was not-affected [code not present])
upstream Needs triage

xenial Not vulnerable
(code not present)
zesty Not vulnerable
(code not present)
xorg-hwe-16.04
Launchpad, Ubuntu, Debian
precise Does not exist

trusty Does not exist

upstream Needs triage

xenial Not vulnerable
(code not present)
zesty Does not exist

xorg-server
Launchpad, Ubuntu, Debian
precise Does not exist

trusty
Released (2:1.15.1-0ubuntu2.10)
upstream Needs triage

xenial
Released (2:1.18.4-0ubuntu0.6)
zesty
Released (2:1.19.3-1ubuntu1.2)
xorg-server-hwe-16.04
Launchpad, Ubuntu, Debian
precise Does not exist

trusty Does not exist

upstream Needs triage

xenial
Released (2:1.19.3-1ubuntu1~16.04.3)
zesty Does not exist

xorg-server-lts-utopic
Launchpad, Ubuntu, Debian
precise Does not exist

trusty Does not exist
(trusty was ignored [reached end-of-life])
upstream Needs triage

xenial Does not exist

zesty Does not exist

xorg-server-lts-vivid
Launchpad, Ubuntu, Debian
precise Does not exist

trusty Does not exist
(trusty was ignored [reached end-of-life])
upstream Needs triage

xenial Does not exist

zesty Does not exist

xorg-server-lts-wily
Launchpad, Ubuntu, Debian
precise Does not exist

trusty Does not exist
(trusty was ignored [reached end-of-life])
upstream Needs triage

xenial Does not exist

zesty Does not exist

xorg-server-lts-xenial
Launchpad, Ubuntu, Debian
precise Does not exist

trusty Does not exist
(trusty was released [2:1.18.3-1ubuntu2.3~trusty3])
upstream Needs triage

xenial Does not exist

zesty Does not exist