Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 519
Alerts This Week
Warning Icon 1 519

Ubuntu 18.04 LTS USN-3802-1: X.Org File Overwrite Risk Advisory

ubuntu
Calendar Grey October 26, 2018
Dist Ubuntu Esm H88
The X.Org X server in Ubuntu is vulnerable, potentially enabling local threats to modify files. It's crucial to implement updates to minimize risks.
X.Org X server could be made to overwrite files as the administrator.

Summary

X.Org X server could be made to overwrite files as the administrator.

Software Description:

- xorg-server: X.Org X11 server

- xorg-server-hwe-16.04: X.Org X11 server

Details:

Narendra Shinde discovered that the X.Org X server incorrectly handled

certain command line parameters when running as root with the legacy

wrapper. When certain graphics drivers are being used, a local attacker

could possibly use this issue to overwrite arbitrary files and escalate

privileges.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.10:
  xserver-xorg-core               2:1.20.1-3ubuntu2.1

Ubuntu 18.04 LTS:
  xserver-xorg-core               2:1.19.6-1ubuntu4.2

Ubuntu 16.04 LTS:
  xserver-xorg-core-hwe-16.04     2:1.19.6-1ubuntu4.1~16.04.2

After a standard system update you need to reboot your computer to make
all the necessary changes.

References

https://ubuntu.com/security/notices/USN-3802-1

CVE-2018-14665

Severity
important
Lowest
Low
Medium
High
Critical

October 26, 2018

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.