Debian Security Advisory

DLA-218-1 xorg-server -- LTS security update

Date Reported:
01 May 2015
Affected Packages:
xorg-server
Vulnerable:
Yes
Security database references:
In Mitre's CVE dictionary: CVE-2015-0255.
More information:

Olivier Fourdan discovered that missing input validation in the Xserver's handling of XkbSetGeometry requests may result in an information leak or denial of service.

This upload to Debian squeeze-lts fixes the issue by no longer byte-swapping XkbSetGeometry data in the input buffer and by checking the length of each string against the request size.
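The two measures described above, sketched as an added example that is not the xorg-server patch itself: the length field is copied out and swapped in a local variable so the request buffer stays untouched, and the declared string length is checked against the bytes remaining in the request. The function name, return codes and the wire layout (16-bit length, string bytes, padding to 4 bytes) are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

enum { CS_OK = 0, CS_BAD_LENGTH = -1, CS_NO_MEMORY = -2 };  /* hypothetical codes */

/* Hypothetical helper: read one counted string at *off inside req[0..req_len).
 * swapped != 0 means the client uses the opposite byte order.
 * req is const: the input buffer is never rewritten. */
int get_counted_string(const uint8_t *req, size_t req_len, size_t *off,
                       int swapped, char **out)
{
    size_t pos = *off, padded;
    uint16_t len;

    *out = NULL;
    if (pos > req_len || req_len - pos < 2)
        return CS_BAD_LENGTH;              /* no room for the length field */
    memcpy(&len, req + pos, 2);            /* copy out, then swap the copy only */
    if (swapped)
        len = (uint16_t)((len >> 8) | (len << 8));
    padded = ((size_t)2 + len + 3) & ~(size_t)3;
    if (padded > req_len - pos)
        return CS_BAD_LENGTH;              /* string would run past the request */
    char *s = malloc((size_t)len + 1);
    if (s == NULL)
        return CS_NO_MEMORY;
    memcpy(s, req + pos + 2, len);
    s[len] = '\0';
    *out = s;
    *off = pos + padded;                   /* advance only on success */
    return CS_OK;
}

int main(void)
{
    /* Constructed request: declares 400 bytes but carries only 6 after the length. */
    uint8_t req[8] = {0};
    uint16_t n = 400;
    size_t off = 0;
    char *s;

    memcpy(req, &n, 2);
    printf("oversized length -> %d\n",
           get_counted_string(req, sizeof req, &off, 0, &s));
    return 0;
}
```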