CVE-2016-7948 in Ubuntu

CVE-2016-7948

Priority

Description

X.org libXrandr before 1.5.1 allows remote X servers to trigger
out-of-bounds write operations by leveraging mishandling of reply data.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7948
http://www.openwall.com/lists/oss-security/2016/10/04/4
https://lists.x.org/archives/xorg-announce/2016-October/002720.html
https://ubuntu.com/security/notices/USN-5428-1

Notes

mdeslaur	https://wiki.ubuntu.com/1204_HWE_EOL
sbeattie	same commit as CVE-2016-7947
rodrigo-zaiden	there is a follow up commit, 87227e5f, that fixes a memory leak introduced in the first commit.

Package

Source: libxrandr (LP Ubuntu Debian)

Upstream:	released (1.5.1)
Ubuntu 18.04 LTS:	released (2:1.5.1-1)
Ubuntu 20.04 LTS:	released (2:1.5.1-1)
Ubuntu 21.10:	released (2:1.5.1-1)
Ubuntu 16.04 ESM:	released (2:1.5.0-1ubuntu0.1~esm1)
Ubuntu 22.04 LTS:	released (2:1.5.1-1)
Ubuntu 14.04 ESM:	DNE (trusty was needed)

Patches:

Upstream:

https://cgit.freedesktop.org/xorg/lib/libXrandr/commit/?id=a0df3e1c7728205e5c7650b2e6dce684139254a6

Package

Source: libxrandr-lts-quantal (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 18.04 LTS:	DNE
Ubuntu 20.04 LTS:	DNE
Ubuntu 21.10:	DNE
Ubuntu 22.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: libxrandr-lts-raring (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 18.04 LTS:	DNE
Ubuntu 20.04 LTS:	DNE
Ubuntu 21.10:	DNE
Ubuntu 22.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: libxrandr-lts-saucy (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 18.04 LTS:	DNE
Ubuntu 20.04 LTS:	DNE
Ubuntu 21.10:	DNE
Ubuntu 22.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: libxrandr-lts-trusty (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 18.04 LTS:	DNE
Ubuntu 20.04 LTS:	DNE
Ubuntu 21.10:	DNE
Ubuntu 22.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

More Information

Updated: 2022-06-10 13:58:59 UTC (commit 22cd97abab61e5eccab4070a258ab5d6a94b972b)