X.Org Server (aka xserver and xorg-server) before 1.16.3 and 1.17.x before 1.17.1 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (crash) via a crafted string length value in a XkbSetGeometry request.
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "xdmx-tools": "2:1.15.1-0ubuntu2.7", "xnest": "2:1.15.1-0ubuntu2.7", "xvfb": "2:1.15.1-0ubuntu2.7", "xdmx": "2:1.15.1-0ubuntu2.7", "xserver-xorg-core-dbg": "2:1.15.1-0ubuntu2.7", "xserver-xorg-dev": "2:1.15.1-0ubuntu2.7", "xorg-server-source": "2:1.15.1-0ubuntu2.7", "xserver-xorg-core": "2:1.15.1-0ubuntu2.7", "xserver-common": "2:1.15.1-0ubuntu2.7", "xserver-xorg-core-udeb": "2:1.15.1-0ubuntu2.7", "xserver-xephyr": "2:1.15.1-0ubuntu2.7", "xserver-xorg-xmir": "2:1.15.1-0ubuntu2.7" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "xorg-server-source-lts-utopic": "2:1.16.0-1ubuntu1.2~trusty2", "xserver-xephyr-lts-utopic": "2:1.16.0-1ubuntu1.2~trusty2", "xwayland-lts-utopic": "2:1.16.0-1ubuntu1.2~trusty2", "xserver-xorg-core-lts-utopic": "2:1.16.0-1ubuntu1.2~trusty2", "xserver-xorg-dev-lts-utopic": "2:1.16.0-1ubuntu1.2~trusty2", "xserver-xorg-core-lts-utopic-dbg": "2:1.16.0-1ubuntu1.2~trusty2" } ] }
{ "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro", "ubuntu_priority": "medium", "binaries": [ { "vnc4server": "4.1.1+xorg4.3.0-37ubuntu5.0.2+esm1", "vnc4server-dbgsym": "4.1.1+xorg4.3.0-37ubuntu5.0.2+esm1", "xvnc4viewer": "4.1.1+xorg4.3.0-37ubuntu5.0.2+esm1", "xvnc4viewer-dbgsym": "4.1.1+xorg4.3.0-37ubuntu5.0.2+esm1" } ] }
{ "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro", "ubuntu_priority": "medium", "binaries": [ { "vnc4server": "4.1.1+xorg4.3.0-37.3ubuntu2.1+esm1", "vnc4server-dbgsym": "4.1.1+xorg4.3.0-37.3ubuntu2.1+esm1", "xvnc4viewer": "4.1.1+xorg4.3.0-37.3ubuntu2.1+esm1", "xvnc4viewer-dbgsym": "4.1.1+xorg4.3.0-37.3ubuntu2.1+esm1" } ] }