CVE-2014-8094

Publication date 9 December 2014

Last updated 24 July 2024

Ubuntu priority

Integer overflow in the ProcDRI2GetBuffers function in the DRI2 extension in X.Org Server (aka xserver and xorg-server) 1.7.0 through 1.16.x before 1.16.3 allows remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via a crafted request, which triggers an out-of-bounds read or write.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
xorg-server	14.10 utopic	Fixed 2:1.16.0-1ubuntu1.1
	14.04 LTS trusty	Fixed 2:1.15.1-0ubuntu2.4
	12.04 LTS precise	Fixed 2:1.11.4-0ubuntu10.15
	10.04 LTS lucid	Ignored
xorg-server-lts-trusty	14.10 utopic	Not in release
	14.04 LTS trusty	Not in release
	12.04 LTS precise	Fixed 2:1.15.1-0ubuntu2~precise3
	10.04 LTS lucid	Not in release

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-2436-1
X.Org X server vulnerabilities
9 December 2014

Other references

http://www.x.org/wiki/Development/Security/Advisory-2014-12-09/
https://www.cve.org/CVERecord?id=CVE-2014-8094