Debian Security Advisory

DLA-218-1 xorg-server -- LTS security update

Date Reported:
01 May 2015
Affected Packages:
Security database references:
In Mitre's CVE dictionary: CVE-2015-0255.
More information:

Olivier Fourdan discovered that missing input validation in the Xserver's handling of XkbSetGeometry requests may result in an information leak or denial of service.

This upload to Debian squeeze-lts fixes the issue by not swapping XkbSetGeometry data in the input buffer any more and checking strings' length against request size.