Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 433
Alerts This Week
Warning Icon 1 433

Ubuntu 14.10: USN-2500-1 Critical: Xorg-Server Information Leak

ubuntu
Calendar Grey February 17, 2015
Dist Ubuntu Esm H88
Explore vulnerabilities rectified in Ubuntu USN-2500-1 pertaining to the X.Org X server, essential for dependable system functionality.
Several security issues were fixed in the X.Org X server.

Summary

Several security issues were fixed in the X.Org X server.

Software Description:

- xorg-server: X.Org X11 server

- xorg-server-lts-utopic: X.Org X11 server

- xorg-server-lts-trusty: X.Org X11 server

Details:

Olivier Fourdan discovered that the X.Org X server incorrectly handled

XkbSetGeometry requests resulting in an information leak. An attacker able

to connect to an X server, either locally or remotely, could use this issue

to possibly obtain sensitive information. (CVE-2015-0255)

It was discovered that the X.Org X server incorrectly handled certain

trapezoids. An attacker able to connect to an X server, either locally or

remotely, could use this issue to possibly crash the server. This issue

only affected Ubuntu 12.04 LTS. (CVE-2013-6424)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.10:
  xserver-xorg-core               2:1.16.0-1ubuntu1.3

Ubuntu 14.04 LTS:
  xserver-xorg-core               2:1.15.1-0ubuntu2.7
  xserver-xorg-core-lts-utopic    2:1.16.0-1ubuntu1.2~trusty2

Ubuntu 12.04 LTS:
  xserver-xorg-core               2:1.11.4-0ubuntu10.17
  xserver-xorg-core-lts-trusty    2:1.15.1-0ubuntu2~precise5

After a standard system update you need to reboot your computer to make
all the necessary changes.

References

https://ubuntu.com/security/notices/USN-2500-1

CVE-2013-6424, CVE-2015-0255

Severity
critical
Lowest
Low
Medium
High
Critical

February 17, 2015

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.