Debian Security Advisory
DLA-120-2 xorg-server -- LTS security update
- Date Reported:
- 04 May 2015
- Affected Packages:
- Security database references:
- In Mitre's CVE dictionary: CVE-2015-3418.
- More information:
Andreas Cord-Landwehr reported an issue where the X.Org Xserver would often crash with an arithmetic exception when maximizing application windows.
The length checking code validates PutImage height and byte width by making sure that byte-width >= INT32_MAX / height. If height is zero, this generates a divide by zero exception. Allow zero height requests explicitly, bypassing the INT32_MAX check (in dix/dispatch.c).
For Debian 6
Squeeze, these issues have been fixed in xorg-server version 2:1.7.7-18+deb6u3