[ubuntu/noble-security] xorg-server 2:21.1.12-1ubuntu1.4 (Accepted)

Marc Deslauriers marc.deslauriers at canonical.com
Tue Jun 17 14:55:59 UTC 2025 

xorg-server (2:21.1.12-1ubuntu1.4) noble-security; urgency=medium

  * SECURITY UPDATE: Out-of-bounds access in X Rendering extension
    - debian/patches/CVE-2025-49175.patch: avoid 0 or less animated cursors
      in render/animcur.c, render/render.c.
    - CVE-2025-49175
  * SECURITY UPDATE: Integer overflow in Big Requests Extension
    - debian/patches/CVE-2025-49176.patch: do not overflow the integer size
      with BigRequest in dix/dispatch.c, os/io.c.
    - CVE-2025-49176
  * SECURITY UPDATE: Data leak in XFIXES Extension 6
    - debian/patches/CVE-2025-49177.patch: check request length for
      SetClientDisconnectMode in xfixes/disconnect.c.
    - CVE-2025-49177
  * SECURITY UPDATE: Unprocessed client request via bytes to ignore
    - debian/patches/CVE-2025-49178.patch: account for bytes to ignore when
      sharing input buffer in os/io.c.
    - CVE-2025-49178
  * SECURITY UPDATE: Integer overflow in X Record extension
    - debian/patches/CVE-2025-49179.patch: check for overflow in
      RecordSanityCheckRegisterClients() in record/record.c.
    - CVE-2025-49179
  * SECURITY UPDATE: Integer overflow in RandR extension
    - debian/patches/CVE-2025-49180-1.patch: check for overflow in
      RRChangeProviderProperty() in randr/rrproviderproperty.c.
    - debian/patches/CVE-2025-49180-2.patch: check for RandR provider
      functions in hw/xfree86/modes/xf86RandR12.c.
    - CVE-2025-49180

xorg-server (2:21.1.12-1ubuntu1.3) noble; urgency=medium

  * If a client application has not called DRI2ScreenInit(), 
    DRI2Authenticate() and DRI2CreateDrawable2() cause the X server to
    crash. This patch adds some sanity checks to ensure the X server
    stays running. (LP: #1861609)
    - d/p/lp1861609-dri2-Protect-against-dri2ClientPrivate-assertio.patch

Date: 2025-06-10 19:55:15.133295+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/xorg-server/2:21.1.12-1ubuntu1.4
-------------- next part --------------
Sorry, changesfile not available.

More information about the noble-changes mailing list