Ubuntu 11.10 USN-1232-1 Critical: X.Org X Server Code Execution Risk
Oct 18, 2011
•
LinuxSecurity Advisories
2 - 3 min read
Topics Covered
The X server could be made to crash, run programs as an administrator, or read arbitrary files.
=========================================================================Ubuntu Security Notice USN-1232-1 October 18, 2011 xorg-server vulnerabilities ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 11.10 - Ubuntu 11.04 - Ubuntu 10.10 - Ubuntu 10.04 LTS Summary: The X server could be made to crash, run programs as an administrator, or read arbitrary files. Software Description: - xorg-server: X.Org X server Details: It was discovered that the X server incorrectly handled certain malformed input. An authorized attacker could exploit this to cause the X server to crash, leading to a denial or service, or possibly execute arbitrary code with root privileges. This issue only affected Ubuntu 10.04 LTS and 10.10. (CVE-2010-4818) It was discovered that the X server incorrectly handled certain malformed input. An authorized attacker could exploit this to cause the X server to crash, leading to a denial or service, or possibly read arbitrary data from the X server process. This issue only affected Ubuntu 10.04 LTS. (CVE-2010-4819) Vladz discovered that the X server incorrectly handled lock files. A local attacker could use this flaw to determine if a file existed or not. (CVE-2011-4028) Vladz discovered that the X server incorrectly handled setting lock file permissions. A local attacker could use this flaw to gain read permissions on arbitrary files and view sensitive information. (CVE-2011-4029) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 11.10: xserver-xorg-core 2:1.10.4-1ubuntu4.1 Ubuntu 11.04: xserver-xorg-core 2:1.10.1-1ubuntu1.3 Ubuntu 10.10: xserver-xorg-core 2:1.9.0-0ubuntu7.5 Ubuntu 10.04 LTS: xserver-xorg-core 2:1.7.6-2ubuntu7.8 After a standard system update you need to restart your session to make all the necessary changes. References: https://ubuntu.com/security/notices/USN-1232-1 CVE-2010-4818, CVE-2010-4819, CVE-2011-4028, CVE-2011-4029 Package Information: https://launchpad.net/ubuntu/+source/xorg-server/2:1.10.4-1ubuntu4.1 https://launchpad.net/ubuntu/+source/xorg-server/2:1.10.1-1ubuntu1.3 https://launchpad.net/ubuntu/+source/xorg-server/2:1.9.0-0ubuntu7.5 https://launchpad.net/ubuntu/+source/xorg-server/2:1.7.6-2ubuntu7.8
PREVIOUS
NEXT
Ubuntu 11.10 USN-1232-1 Critical: X.Org X Server Code Execution Risk
ubuntu
October 18, 2011
The X server could be made to crash, run programs as an administrator, or read arbitrary files.
Summary
Topics Covered
Update Instructions
The problem can be corrected by updating your system to the following package versions: Ubuntu 11.10: xserver-xorg-core 2:1.10.4-1ubuntu4.1 Ubuntu 11.04: xserver-xorg-core 2:1.10.1-1ubuntu1.3 Ubuntu 10.10: xserver-xorg-core 2:1.9.0-0ubuntu7.5 Ubuntu 10.04 LTS: xserver-xorg-core 2:1.7.6-2ubuntu7.8 After a standard system update you need to restart your session to make all the necessary changes.
References
https://ubuntu.com/security/notices/USN-1232-1
CVE-2010-4818, CVE-2010-4819, CVE-2011-4028, CVE-2011-4029
Severity
critical
Lowest
Low
Medium
High
Critical
October 18, 2011
Topics Covered
Package Information
https://launchpad.net/ubuntu/+source/xorg-server/2:1.10.4-1ubuntu4.1 https://launchpad.net/ubuntu/+source/xorg-server/2:1.10.1-1ubuntu1.3 https://launchpad.net/ubuntu/+source/xorg-server/2:1.9.0-0ubuntu7.5 https://launchpad.net/ubuntu/+source/xorg-server/2:1.7.6-2ubuntu7.8
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!