[ubuntu/noble-security] xorg-server 2:21.1.12-1ubuntu1.2 (Accepted)
Marc Deslauriers
marc.deslauriers at canonical.com
Tue Feb 25 16:10:43 UTC 2025
xorg-server (2:21.1.12-1ubuntu1.2) noble-security; urgency=medium

  * SECURITY UPDATE: Use-after-free of the root cursor
    - debian/patches/CVE-2025-26594-1.patch: refuse to free the root cursor
      in dix/dispatch.c.
    - debian/patches/CVE-2025-26594-2.patch: keep a ref to the rootCursor
      in dix/main.c.
    - CVE-2025-26594
  * SECURITY UPDATE: Buffer overflow in XkbVModMaskText()
    - debian/patches/CVE-2025-26595.patch: fix bounds check in
      xkb/xkbtext.c.
    - CVE-2025-26595
  * SECURITY UPDATE: Heap overflow in XkbWriteKeySyms()
    - debian/patches/CVE-2025-26596.patch: fix computation of
      XkbSizeKeySyms in xkb/xkb.c.
    - CVE-2025-26596
  * SECURITY UPDATE: Buffer overflow in XkbChangeTypesOfKey()
    - debian/patches/CVE-2025-26597.patch: also resize key actions in
      xkb/XKBMisc.c.
    - CVE-2025-26597
  * SECURITY UPDATE: Out-of-bounds write in CreatePointerBarrierClient()
    - debian/patches/CVE-2025-26598.patch: fix barrier device search in
      Xi/xibarriers.c.
    - CVE-2025-26598
  * SECURITY UPDATE: Use of uninitialized pointer in compRedirectWindow()
    - debian/patches/CVE-2025-26599-1.patch: handle failure to redirect in
      composite/compalloc.c.
    - debian/patches/CVE-2025-26599-2.patch: initialize border clip even
      when pixmap alloc fails in composite/compalloc.c.
    - CVE-2025-26599
  * SECURITY UPDATE: Use-after-free in PlayReleasedEvents()
    - debian/patches/CVE-2025-26600.patch: dequeue pending events on frozen
      device on removal in dix/devices.c.
    - CVE-2025-26600
  * SECURITY UPDATE: Use-after-free in SyncInitTrigger()
    - debian/patches/CVE-2025-26601-1.patch: do not let sync objects
      uninitialized in Xext/sync.c.
    - debian/patches/CVE-2025-26601-2.patch: check values before applying
      changes in Xext/sync.c.
    - debian/patches/CVE-2025-26601-3.patch: do not fail
      SyncAddTriggerToSyncObject() in Xext/sync.c.
    - debian/patches/CVE-2025-26601-4.patch: apply changes last in
      SyncChangeAlarmAttributes() in Xext/sync.c.
    - CVE-2025-26601

Date: 2025-02-19 14:11:12.544208+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/xorg-server/2:21.1.12-1ubuntu1.2