[ubuntu/jammy-security] xorg-server 2:21.1.4-2ubuntu1.7~22.04.15 (Accepted)

Marc Deslauriers marc.deslauriers at canonical.com
Tue Jun 17 14:56:01 UTC 2025 

xorg-server (2:21.1.4-2ubuntu1.7~22.04.15) jammy-security; urgency=medium

  * SECURITY UPDATE: Out-of-bounds access in X Rendering extension
    - debian/patches/CVE-2025-49175.patch: avoid 0 or less animated cursors
      in render/animcur.c, render/render.c.
    - CVE-2025-49175
  * SECURITY UPDATE: Integer overflow in Big Requests Extension
    - debian/patches/CVE-2025-49176.patch: do not overflow the integer size
      with BigRequest in dix/dispatch.c, os/io.c.
    - CVE-2025-49176
  * SECURITY UPDATE: Data leak in XFIXES Extension 6
    - debian/patches/CVE-2025-49177.patch: check request length for
      SetClientDisconnectMode in xfixes/disconnect.c.
    - CVE-2025-49177
  * SECURITY UPDATE: Unprocessed client request via bytes to ignore
    - debian/patches/CVE-2025-49178.patch: account for bytes to ignore when
      sharing input buffer in os/io.c.
    - CVE-2025-49178
  * SECURITY UPDATE: Integer overflow in X Record extension
    - debian/patches/CVE-2025-49179.patch: check for overflow in
      RecordSanityCheckRegisterClients() in record/record.c.
    - CVE-2025-49179
  * SECURITY UPDATE: Integer overflow in RandR extension
    - debian/patches/CVE-2025-49180-1.patch: check for overflow in
      RRChangeProviderProperty() in randr/rrproviderproperty.c.
    - debian/patches/CVE-2025-49180-2.patch: check for RandR provider
      functions in hw/xfree86/modes/xf86RandR12.c.
    - CVE-2025-49180

xorg-server (2:21.1.4-2ubuntu1.7~22.04.14) jammy; urgency=medium

  * If a client application has not called DRI2ScreenInit(), 
    DRI2Authenticate() and DRI2CreateDrawable2() cause the X server to
    crash. This patch adds some sanity checks to ensure the X server
    stays running. (LP: #1861609)
    - d/p/lp1861609-dri2-Protect-against-dri2ClientPrivate-assertio.patch

Date: 2025-06-10 20:03:12.779838+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/xorg-server/2:21.1.4-2ubuntu1.7~22.04.15
-------------- next part --------------
Sorry, changesfile not available.

More information about the jammy-changes mailing list