Information on source package xorg-server

Available versions

ReleaseVersion
jessie2:1.16.4-1+deb8u17
stretch2:1.19.2-1+deb9u20
stretch (security)2:1.19.2-1+deb9u9
buster2:1.20.4-1+deb10u15
buster (security)2:1.20.4-1+deb10u14
bullseye2:1.20.11-1+deb11u13
bullseye (security)2:1.20.11-1+deb11u14
bookworm2:21.1.7-3+deb12u8
trixie2:21.1.14-2
sid2:21.1.15-2

Open issues

BugjessiestretchbusterbullseyebookwormtrixiesidDescription
CVE-2023-5574vulnerable (no DSA)vulnerable (no DSA)vulnerable (no DSA)vulnerable (no DSA)vulnerable (no DSA, postponed)vulnerablevulnerableA use-after-free flaw was found in xorg-x11-server-Xvfb. This issue oc ...

Open unimportant issues

BugjessiestretchbusterbullseyebookwormtrixiesidDescription
CVE-2024-31082vulnerablevulnerablevulnerablefixedfixedfixedfixedA heap-based buffer over-read vulnerability was found in the X.org ser ...
CVE-2022-3553vulnerablevulnerablevulnerablevulnerablefixedfixedfixedA vulnerability, which was classified as problematic, was found in X.o ...

Resolved issues

BugDescription
TEMP-0555308-79E91Cxserver-xorg: inherits user's mask
CVE-2024-31083A use-after-free vulnerability was found in the ProcRenderAddGlyphs() ...
CVE-2024-31081A heap-based buffer over-read vulnerability was found in the X.org ser ...
CVE-2024-31080A heap-based buffer over-read vulnerability was found in the X.org ser ...
CVE-2024-21886A heap buffer overflow flaw was found in the DisableDevice function in ...
CVE-2024-21885A flaw was found in X.Org server. In the XISendDeviceHierarchyEvent fu ...
CVE-2024-9632A flaw was found in the X.org server. Due to improperly tracked alloca ...
CVE-2024-0409A flaw was found in the X.Org server. The cursor code in both Xephyr a ...
CVE-2024-0408A flaw was found in the X.Org server. The GLX PBuffer code does not ca ...
CVE-2024-0229An out-of-bounds memory access flaw was found in the X.Org server. Thi ...
CVE-2023-6816A flaw was found in X.Org server. Both DeviceFocusEvent and the XIQuer ...
CVE-2023-6478A flaw was found in xorg-server. A specially crafted request to RRChan ...
CVE-2023-6377A flaw was found in xorg-server. Querying or changing XKB button actio ...
CVE-2023-5380A use-after-free flaw was found in the xorg-x11-server. An X server cr ...
CVE-2023-5367A out-of-bounds write flaw was found in the xorg-x11-server. This issu ...
CVE-2023-1393A flaw was found in X.Org Server Overlay Window. A Use-After-Free may ...
CVE-2023-0494A vulnerability was found in X.Org. This issue occurs due to a danglin ...
CVE-2022-46344A vulnerability was found in X.Org. This security flaw occurs because ...
CVE-2022-46343A vulnerability was found in X.Org. This security flaw occurs because ...
CVE-2022-46342A vulnerability was found in X.Org. This security flaw occurs because ...
CVE-2022-46341A vulnerability was found in X.Org. This security flaw occurs because ...
CVE-2022-46340A vulnerability was found in X.Org. This security flaw occurs becuase ...
CVE-2022-4283A vulnerability was found in X.Org. This security flaw occurs because ...
CVE-2022-3551A vulnerability, which was classified as problematic, has been found i ...
CVE-2022-3550A vulnerability classified as critical was found in X.org Server. Affe ...
CVE-2022-2320A flaw was found in the Xorg-x11-server. The specific flaw exists with ...
CVE-2022-2319A flaw was found in the Xorg-x11-server. An out-of-bounds access issue ...
CVE-2021-4011A flaw was found in xorg-x11-server in versions before 21.1.2 and befo ...
CVE-2021-4010A flaw was found in xorg-x11-server in versions before 21.1.2 and befo ...
CVE-2021-4009A flaw was found in xorg-x11-server in versions before 21.1.2 and befo ...
CVE-2021-4008A flaw was found in xorg-x11-server in versions before 21.1.2 and befo ...
CVE-2021-3472A flaw was found in xorg-x11-server in versions before 1.20.11. An int ...
CVE-2020-25712A flaw was found in xorg-x11-server before 1.20.10. A heap-buffer over ...
CVE-2020-14362A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Int ...
CVE-2020-14361A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Int ...
CVE-2020-14360A flaw was found in the X.Org Server before version 1.20.10. An out-of ...
CVE-2020-14347A flaw was found in the way xserver memory was not properly initialize ...
CVE-2020-14346A flaw was found in xorg-x11-server before 1.20.9. An integer underflo ...
CVE-2020-14345A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Out ...
CVE-2018-14665A flaw was found in xorg-x11-server before 1.20.3. An incorrect permis ...
CVE-2017-13723In X.Org Server (aka xserver and xorg-server) before 1.19.4, a local a ...
CVE-2017-13721In X.Org Server (aka xserver and xorg-server) before 1.19.4, an attack ...
CVE-2017-12187xorg-x11-server before 1.19.5 was missing length validation in RENDER ...
CVE-2017-12186xorg-x11-server before 1.19.5 was missing length validation in X-Resou ...
CVE-2017-12185xorg-x11-server before 1.19.5 was missing length validation in MIT-SCR ...
CVE-2017-12184xorg-x11-server before 1.19.5 was missing length validation in XINERAM ...
CVE-2017-12183xorg-x11-server before 1.19.5 was missing length validation in XFIXES ...
CVE-2017-12182xorg-x11-server before 1.19.5 was missing length validation in XFree86 ...
CVE-2017-12181xorg-x11-server before 1.19.5 was missing length validation in XFree86 ...
CVE-2017-12180xorg-x11-server before 1.19.5 was missing length validation in XFree86 ...
CVE-2017-12179xorg-x11-server before 1.19.5 was vulnerable to integer overflow in (S ...
CVE-2017-12178xorg-x11-server before 1.19.5 had wrong extra length check in ProcXICh ...
CVE-2017-12177xorg-x11-server before 1.19.5 was vulnerable to integer overflow in Pr ...
CVE-2017-12176xorg-x11-server before 1.19.5 was missing extra length validation in P ...
CVE-2017-10972Uninitialized data in endianness conversion in the XEvent handling of ...
CVE-2017-10971In the X.Org X server before 2017-06-19, a user authenticated to an X ...
CVE-2017-2624It was found that xorg-x11-server before 1.19.0 including uses memcmp( ...
CVE-2015-3418The ProcPutImage function in dix/dispatch.c in X.Org Server (aka xserv ...
CVE-2015-3164The authentication setup in XWayland 1.16.x and 1.17.x before 1.17.2 s ...
CVE-2015-0255X.Org Server (aka xserver and xorg-server) before 1.16.3 and 1.17.x be ...
CVE-2014-8103X.Org Server (aka xserver and xorg-server) 1.15.0 through 1.16.x befor ...
CVE-2014-8102The SProcXFixesSelectSelectionInput function in the XFixes extension i ...
CVE-2014-8101The RandR extension in XFree86 4.2.0, X.Org X Window System (aka X11 o ...
CVE-2014-8100The Render extension in XFree86 4.0.1, X.Org X Window System (aka X11 ...
CVE-2014-8099The XVideo extension in XFree86 4.0.0, X.Org X Window System (aka X11 ...
CVE-2014-8098The GLX extension in XFree86 4.0, X.Org X Window System (aka X11 or X) ...
CVE-2014-8097The DBE extension in X.Org X Window System (aka X11 or X) X11R6.1 and ...
CVE-2014-8096The SProcXCMiscGetXIDList function in the XC-MISC extension in X.Org X ...
CVE-2014-8095The XInput extension in X.Org X Window System (aka X11 or X) X11R4 and ...
CVE-2014-8094Integer overflow in the ProcDRI2GetBuffers function in the DRI2 extens ...
CVE-2014-8093Multiple integer overflows in the GLX extension in XFree86 4.0, X.Org ...
CVE-2014-8092Multiple integer overflows in X.Org X Window System (aka X11 or X) X11 ...
CVE-2014-8091X.Org X Window System (aka X11 and X) X11R5 and X.Org Server (aka xser ...
CVE-2013-6424Integer underflow in the xTrapezoidValid macro in render/picture.h in ...
CVE-2013-4396Use-after-free vulnerability in the doImageText function in dix/dixfon ...
CVE-2013-1940X.Org X server before 1.13.4 and 1.4.x before 1.14.1 does not properly ...
CVE-2013-1056X.org X server 1.13.3 and earlier, when not run as root, allows local ...
CVE-2012-2118Format string vulnerability in the LogVHdrMessageVerb function in os/l ...
CVE-2012-0064xkeyboard-config before 2.5 in X.Org before 7.6 enables certain XKB de ...
CVE-2011-4029The LockServer function in os/utils.c in X.Org xserver before 1.11.2 a ...
CVE-2011-4028The LockServer function in os/utils.c in X.Org xserver before 1.11.2 a ...
CVE-2010-4819The ProcRenderAddGlyphs function in the Render extension (render/rende ...
CVE-2010-4818The GLX extension in X.Org xserver 1.7.7 allows remote authenticated u ...
CVE-2010-1166The fbComposite function in fbpict.c in the Render extension in the X ...
CVE-2009-1573xvfb-run 1.6.1 in Debian GNU/Linux, Ubuntu, Fedora 10, and possibly ot ...
CVE-2008-2362Multiple integer overflows in the Render extension in the X server 1.4 ...
CVE-2008-2361Integer overflow in the ProcRenderCreateCursor function in the Render ...
CVE-2008-2360Integer overflow in the AllocateGlyph function in the Render extension ...
CVE-2008-1379Integer overflow in the fbShmPutImage function in the MIT-SHM extensio ...
CVE-2008-1377The (1) SProcRecordCreateContext and (2) SProcRecordRegisterClients fu ...
CVE-2008-0006Buffer overflow in (1) X.Org Xserver before 1.4.1, and (2) the libfont ...
CVE-2007-6429Multiple integer overflows in X.Org Xserver before 1.4.1 allow context ...
CVE-2007-6428The ProcGetReservedColormapEntries function in the TOG-CUP extension i ...
CVE-2007-6427The XInput extension in X.Org Xserver before 1.4.1 allows context-depe ...
CVE-2007-5958X.Org Xserver before 1.4.1 allows local users to determine the existen ...
CVE-2007-5760Array index error in the XFree86-Misc extension in X.Org Xserver befor ...
CVE-2007-4730Buffer overflow in the compNewPixmap function in compalloc.c in the Co ...
CVE-2007-3920GNOME screensaver 2.20 in Ubuntu 7.10, when used with Compiz, does not ...
CVE-2007-2437The X render (Xrender) extension in X.org X Window System 7.0, 7.1, an ...
CVE-2007-1003Integer overflow in ALLOCATE_LOCAL in the ProcXCMiscGetXIDList functio ...
CVE-2006-6103Integer overflow in the ProcDbeSwapBuffers function in the DBE extensi ...
CVE-2006-6102Integer overflow in the ProcDbeGetVisualInfo function in the DBE exten ...
CVE-2006-6101Integer overflow in the ProcRenderAddGlyphs function in the Render ext ...
CVE-2006-4447X.Org and XFree86, including libX11, xdm, xf86dga, xinit, xload, xtran ...
CVE-2006-1526Buffer overflow in the X render (Xrender) extension in X.org X server ...
CVE-2006-0745X.Org server (xorg-server) 1.0.0 and later, X11R6.9.0, and X11R7.0 ina ...

Security announcements

DSA / DLADescription
ELA-1223-1xorg-server - security update
DSA-5800-1xorg-server - security update
DLA-3940-1xorg-server - security update
ELA-1072-1xorg-server - security update
DLA-3787-1xorg-server - security update
DSA-5657-1xorg-server - security update
ELA-1043-1xorg-server - security update
ELA-1040-1xorg-server - security update
DLA-3721-1xorg-server - security update
DSA-5603-1xorg-server - security update
DSA-5576-2xorg-server - security update
DLA-3686-2xorg-server - security update
ELA-1019-2xorg-server - security update
DSA-5576-1xorg-server - security update
DLA-3686-1xorg-server - security update
ELA-1019-1xorg-server - security update
DSA-5534-1xorg-server - security update
DLA-3631-1xorg-server - security update
ELA-990-1xorg-server - security update
DSA-5380-1xorg-server - security update
DLA-3372-1xorg-server - security update
ELA-821-1xorg-server - security update
DSA-5342-1xorg-server - security update
DLA-3310-1xorg-server - security update
ELA-794-1xorg-server - security update
ELA-782-1xorg-server - security update
DLA-3256-1xorg-server - security update
DSA-5304-1xorg-server - security update
DSA-5278-1xorg-server - security update
ELA-730-1xorg-server - security update
DLA-3185-1xorg-server - security update
DSA-5199-1xorg-server - security update
DLA-3068-1xorg-server - security update
ELA-654-1xorg-server - security update
DLA-2869-1xorg-server - security update
ELA-534-1xorg-server - security update
DSA-5027-1xorg-server - security update
DSA-4893-1xorg-server - security update
DLA-2627-1xorg-server - security update
ELA-405-1xorg-server - security update
DLA-2486-1xorg-server - security update
ELA-328-1xorg-server - security update
DSA-4803-1xorg-server - security update
DSA-4758-1xorg-server - security update
DLA-2359-1xorg-server - security update
ELA-272-1xorg-server - security update
DSA-4328-1xorg-server - security update
DLA-1186-1xorg-server - security update
DSA-4000-1xorg-server - security update
DLA-1026-1xorg-server - security update
DSA-3905-1xorg-server - security update
DLA-120-2xorg-server - regression update
DLA-218-1xorg-server - security update
DSA-3160-1xorg-server - security update
DLA-120-1xorg-server - security update
DSA-3095-1xorg-server - security update
DSA-2822-1xorg-server - integer underflow
DSA-2784-1xorg-server - use-after-free
DSA-2661-1xorg-server - information disclosure
DSA-1595-1xorg-server - several vulnerabilities
DSA-1466-2libxfont xfree86 xorg-server - several vulnerabilities
DSA-1372-1xorg-server - privilege escalation

Search for package or bug name: Reporting problems