Olivier Fourdan discovered that missing input validation in the Xserver's handling of XkbSetGeometry requests may result in an information leak or denial of service.

For the stable distribution (wheezy), this problem has been fixed in version 2:1.12.4-6+deb7u6. For the unstable distribution (sid), this problem has been fixed in version 2:1.16.4-1. We recommend that you upgrade your xorg-server packages.

The Xorg X server is an X server for several architectures and operating systems, which is derived from the XFree86 4.x series of X servers.

xorg-server on Debian Linux

This check tests the installed software version using the apt package manager.

• http://www.debian.org/security/2015/dsa-3160.html

---

Updated on 2015-03-25