CVE-2015-0255

Publication date 11 February 2015

Last updated 24 July 2024


Ubuntu priority

X.Org Server (aka xserver and xorg-server) before 1.16.3 and 1.17.x before 1.17.1 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (crash) via a crafted string length value in a XkbSetGeometry request.

From the Ubuntu Security Team

USN-2500-1 addressed CVE-2015-0255 for xorg-server. This update provides the corresponding fix for VNC4 on Ubuntu 14.04 ESM.

Status

Package Ubuntu Release Status
vnc4 24.10 oracular Not in release
24.04 LTS noble Not in release
23.10 mantic Not in release
23.04 lunar Not in release
22.10 kinetic Not in release
22.04 LTS jammy Not in release
21.10 impish Not in release
21.04 hirsute Not in release
20.10 groovy Not in release
20.04 LTS focal Not in release
19.10 eoan
Not affected
19.04 disco
Not affected
18.10 cosmic Ignored end of life
18.04 LTS bionic
Vulnerable
17.10 artful Ignored end of life
17.04 zesty Ignored end of life
16.10 yakkety Ignored end of life
16.04 LTS xenial
15.10 wily Ignored end of life
15.04 vivid Ignored end of life
14.10 utopic Ignored end of life
14.04 LTS trusty
12.04 LTS precise Ignored end of life
10.04 LTS lucid Ignored end of life
xorg-server 24.10 oracular
Fixed 2:1.16.2.901-1ubuntu4
24.04 LTS noble
Fixed 2:1.16.2.901-1ubuntu4
23.10 mantic
Fixed 2:1.16.2.901-1ubuntu4
23.04 lunar
Fixed 2:1.16.2.901-1ubuntu4
22.10 kinetic
Fixed 2:1.16.2.901-1ubuntu4
22.04 LTS jammy
Fixed 2:1.16.2.901-1ubuntu4
21.10 impish
Fixed 2:1.16.2.901-1ubuntu4
21.04 hirsute
Fixed 2:1.16.2.901-1ubuntu4
20.10 groovy
Fixed 2:1.16.2.901-1ubuntu4
20.04 LTS focal
Fixed 2:1.16.2.901-1ubuntu4
19.10 eoan
Fixed 2:1.16.2.901-1ubuntu4
19.04 disco
Fixed 2:1.16.2.901-1ubuntu4
18.10 cosmic
Fixed 2:1.16.2.901-1ubuntu4
18.04 LTS bionic
Fixed 2:1.16.2.901-1ubuntu4
17.10 artful
Fixed 2:1.16.2.901-1ubuntu4
17.04 zesty
Fixed 2:1.16.2.901-1ubuntu4
16.10 yakkety
Fixed 2:1.16.2.901-1ubuntu4
16.04 LTS xenial
Fixed 2:1.16.2.901-1ubuntu4
15.10 wily
Fixed 2:1.16.2.901-1ubuntu4
15.04 vivid
Fixed 2:1.16.2.901-1ubuntu4
14.10 utopic
Fixed 2:1.16.0-1ubuntu1.3
14.04 LTS trusty
Fixed 2:1.15.1-0ubuntu2.7
12.04 LTS precise
Fixed 2:1.11.4-0ubuntu10.17
10.04 LTS lucid Ignored end of life
xorg-server-lts-quantal 24.10 oracular Not in release
24.04 LTS noble Not in release
23.10 mantic Not in release
23.04 lunar Not in release
22.10 kinetic Not in release
22.04 LTS jammy Not in release
21.10 impish Not in release
21.04 hirsute Not in release
20.10 groovy Not in release
20.04 LTS focal Not in release
19.10 eoan Not in release
19.04 disco Not in release
18.10 cosmic Not in release
18.04 LTS bionic Not in release
17.10 artful Not in release
17.04 zesty Not in release
16.10 yakkety Not in release
16.04 LTS xenial Not in release
15.10 wily Not in release
15.04 vivid Not in release
14.10 utopic Not in release
14.04 LTS trusty Not in release
12.04 LTS precise Ignored end of life
10.04 LTS lucid Not in release
xorg-server-lts-raring 24.10 oracular Not in release
24.04 LTS noble Not in release
23.10 mantic Not in release
23.04 lunar Not in release
22.10 kinetic Not in release
22.04 LTS jammy Not in release
21.10 impish Not in release
21.04 hirsute Not in release
20.10 groovy Not in release
20.04 LTS focal Not in release
19.10 eoan Not in release
19.04 disco Not in release
18.10 cosmic Not in release
18.04 LTS bionic Not in release
17.10 artful Not in release
17.04 zesty Not in release
16.10 yakkety Not in release
16.04 LTS xenial Not in release
15.10 wily Not in release
15.04 vivid Not in release
14.10 utopic Not in release
14.04 LTS trusty Not in release
12.04 LTS precise Ignored end of life
10.04 LTS lucid Not in release
xorg-server-lts-saucy 24.10 oracular Not in release
24.04 LTS noble Not in release
23.10 mantic Not in release
23.04 lunar Not in release
22.10 kinetic Not in release
22.04 LTS jammy Not in release
21.10 impish Not in release
21.04 hirsute Not in release
20.10 groovy Not in release
20.04 LTS focal Not in release
19.10 eoan Not in release
19.04 disco Not in release
18.10 cosmic Not in release
18.04 LTS bionic Not in release
17.10 artful Not in release
17.04 zesty Not in release
16.10 yakkety Not in release
16.04 LTS xenial Not in release
15.10 wily Not in release
15.04 vivid Not in release
14.10 utopic Not in release
14.04 LTS trusty Not in release
12.04 LTS precise Ignored end of life
10.04 LTS lucid Not in release
xorg-server-lts-trusty 24.10 oracular Not in release
24.04 LTS noble Not in release
23.10 mantic Not in release
23.04 lunar Not in release
22.10 kinetic Not in release
22.04 LTS jammy Not in release
21.10 impish Not in release
21.04 hirsute Not in release
20.10 groovy Not in release
20.04 LTS focal Not in release
19.10 eoan Not in release
19.04 disco Not in release
18.10 cosmic Not in release
18.04 LTS bionic Not in release
17.10 artful Not in release
17.04 zesty Not in release
16.10 yakkety Not in release
16.04 LTS xenial Not in release
15.10 wily Not in release
15.04 vivid Not in release
14.10 utopic Not in release
14.04 LTS trusty Not in release
12.04 LTS precise
Fixed 2:1.15.1-0ubuntu2~precise5
10.04 LTS lucid Not in release
xorg-server-lts-utopic 24.10 oracular Not in release
24.04 LTS noble Not in release
23.10 mantic Not in release
23.04 lunar Not in release
22.10 kinetic Not in release
22.04 LTS jammy Not in release
21.10 impish Not in release
21.04 hirsute Not in release
20.10 groovy Not in release
20.04 LTS focal Not in release
19.10 eoan Not in release
19.04 disco Not in release
18.10 cosmic Not in release
18.04 LTS bionic Not in release
17.10 artful Not in release
17.04 zesty Not in release
16.10 yakkety Not in release
16.04 LTS xenial Not in release
15.10 wily Not in release
15.04 vivid Not in release
14.10 utopic Not in release
14.04 LTS trusty
Fixed 2:1.16.0-1ubuntu1.2~trusty2
12.04 LTS precise Not in release
10.04 LTS lucid Not in release

Get expanded security coverage with Ubuntu Pro

Reduce your average CVE exposure time from 98 days to 1 day with expanded CVE patching, ten-years security maintenance and optional support for the full stack of open-source applications. Free for personal use.

Get Ubuntu Pro

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package Patch details
vnc4
xorg-server

References

Related Ubuntu Security Notices (USN)

    • USN-2500-1
    • X.Org X server vulnerabilities
    • 17 February 2015

Other references