[ubuntu/lucid-security] xorg-server 2:1.7.6-2ubuntu7.8 (Accepted)
Marc Deslauriers
marc.deslauriers at ubuntu.com
Tue Oct 18 16:05:12 UTC 2011
xorg-server (2:1.7.6-2ubuntu7.8) lucid-security; urgency=low
* SECURITY UPDATE: file existence disclosure
- debian/patches/205_CVE-2011-4028.patch: open lockfile with O_NOFOLLOW
in os/utils.c.
- CVE-2011-4028
* SECURITY UPDATE: privilege escalation via file permission change
- debian/patches/206_CVE-2011-4029.patch: use fchmod to prevent race
in os/utils.c.
- CVE-2011-4029
* SECURITY UPDATE: denial of service and possible code execution via
incorrect input sanitization
- debian/patches/207_CVE-2010-4818.patch: validate sizes and arguments
in glx/{glxcmds,glxcmdsswap,xfont}.c.
- CVE-2010-4818
* SECURITY UPDATE: denial of service or possible memory leak
- debian/patches/208_CVE-2010-4819.patch: protect against bad nglyphs
in render/render.c.
- CVE-2010-4819
Date: Fri, 14 Oct 2011 06:11:12 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu X-SWAT <ubuntu-x at lists.ubuntu.com>
https://launchpad.net/ubuntu/lucid/+source/xorg-server/2:1.7.6-2ubuntu7.8
-------------- next part --------------
Format: 1.8
Date: Fri, 14 Oct 2011 06:11:12 -0400
Source: xorg-server
Binary: xserver-xorg-core xserver-xorg-dev xdmx xdmx-tools xnest xvfb xserver-xephyr xserver-xfbdev xserver-xorg-core-dbg xserver-common
Architecture: source
Version: 2:1.7.6-2ubuntu7.8
Distribution: lucid-security
Urgency: low
Maintainer: Ubuntu X-SWAT <ubuntu-x at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description:
xdmx - distributed multihead X server
xdmx-tools - Distributed Multihead X tools
xnest - Nested X server
xserver-common - common files used by various X servers
xserver-xephyr - nested X server
xserver-xfbdev - Linux framebuffer device tiny X server
xserver-xorg-core - Xorg X server - core server
xserver-xorg-core-dbg - Xorg - the X.Org X server (debugging symbols)
xserver-xorg-dev - Xorg X server - development files
xvfb - Virtual Framebuffer 'fake' X server
Changes:
xorg-server (2:1.7.6-2ubuntu7.8) lucid-security; urgency=low
.
* SECURITY UPDATE: file existence disclosure
- debian/patches/205_CVE-2011-4028.patch: open lockfile with O_NOFOLLOW
in os/utils.c.
- CVE-2011-4028
* SECURITY UPDATE: privilege escalation via file permission change
- debian/patches/206_CVE-2011-4029.patch: use fchmod to prevent race
in os/utils.c.
- CVE-2011-4029
* SECURITY UPDATE: denial of service and possible code execution via
incorrect input sanitization
- debian/patches/207_CVE-2010-4818.patch: validate sizes and arguments
in glx/{glxcmds,glxcmdsswap,xfont}.c.
- CVE-2010-4818
* SECURITY UPDATE: denial of service or possible memory leak
- debian/patches/208_CVE-2010-4819.patch: protect against bad nglyphs
in render/render.c.
- CVE-2010-4819
Checksums-Sha1:
b5e733f73f6717dde8f2a59e89476f1321096f50 4119 xorg-server_1.7.6-2ubuntu7.8.dsc
bbae932dbea217448861d1ec1232b46a62ae9906 427331 xorg-server_1.7.6-2ubuntu7.8.diff.gz
Checksums-Sha256:
c103cd1517f5b99c66f337786ebca644fcce97b27ce72c16b1c84a42213b3bfa 4119 xorg-server_1.7.6-2ubuntu7.8.dsc
831fb5981ecf70387cd39a398675feb08c8c7c4e8c42e06c7472a920fa71b812 427331 xorg-server_1.7.6-2ubuntu7.8.diff.gz
Files:
cfee3319b4ecab42ae823f75da286ac6 4119 x11 optional xorg-server_1.7.6-2ubuntu7.8.dsc
e0cd37a29eb46510861e56094a9d48da 427331 x11 optional xorg-server_1.7.6-2ubuntu7.8.diff.gz
Original-Maintainer: Debian X Strike Force <debian-x at lists.debian.org>
More information about the Lucid-changes
mailing list