A flaw was found in X.Org server. In the XISendDeviceHierarchyEvent
function, it is possible to exceed the allocated array length when certain
new device IDs are added to the xXIHierarchyInfo struct. This can trigger a
heap buffer overflow condition, which may lead to an application crash or
remote code execution in SSH X11 forwarding environments.
Author | Note |
---|---|
mdeslaur | xorg server is actually the xorg-server package the xorg package only contains docs xwayland package contains parts of xorg-server |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | xorg-server | <Â 2:1.19.6-1ubuntu4.15+esm4 | UNKNOWN |
ubuntu | 20.04 | noarch | xorg-server | <Â 2:1.20.13-1ubuntu1~20.04.14 | UNKNOWN |
ubuntu | 22.04 | noarch | xorg-server | <Â 2:21.1.4-2ubuntu1.7~22.04.7 | UNKNOWN |
ubuntu | 23.04 | noarch | xorg-server | <Â 2:21.1.7-1ubuntu3.6 | UNKNOWN |
ubuntu | 23.10 | noarch | xorg-server | <Â 2:21.1.7-3ubuntu2.6 | UNKNOWN |
ubuntu | 24.04 | noarch | xorg-server | <Â 2:21.1.11-1ubuntu1 | UNKNOWN |
ubuntu | 14.04 | noarch | xorg-server | <Â 2:1.15.1-0ubuntu2.11+esm9 | UNKNOWN |
ubuntu | 16.04 | noarch | xorg-server | <Â 2:1.18.4-0ubuntu0.12+esm9 | UNKNOWN |
ubuntu | 16.04 | noarch | xorg-server-hwe-16.04 | <Â any | UNKNOWN |
ubuntu | 18.04 | noarch | xorg-server-hwe-18.04 | <Â any | UNKNOWN |