Alerts This Week
Warning Icon 1 916
Alerts This Week
Warning Icon 1 916

Ubuntu 18.04 & 16.04 USN-6555-2 critical: X.Org X Server exploits

ubuntu
Calendar Grey December 13, 2023
Dist Ubuntu Esm H88
The X.Org X Server team has implemented a significant update for Ubuntu 16.04 and 18.04 LTS, fixing critical vulnerabilities.
Several security issues were fixed in X.Org X Server.

Summary

A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 18.04 LTS (Available with Ubuntu Pro) - Ubuntu 16.04 LTS (Available with Ubuntu Pro) Summary: Several security issues were fixed in X.Org X Server. Software Description: - xorg-server: X.Org X11 server Details: USN-6555-1 fixed several vulnerabilities in X.Org. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled XKB button actions. An attacker could possibly use this issue to cause the X Server to crash, execute arbitrary code, or escalate privileges. (CVE-2023-6377) Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled memory when processing the RRChangeOutputProperty and RRChangeProviderProperty APIs. An attacker could possibly use this issue to cause the X Server to crash, or obtain sensitive information. (CVE-2023-6478)

Topics%20covered

Topics Covered

security advisory arbitrary code execution information disclosure ubuntu escalation xorg

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 18.04 LTS (Available with Ubuntu Pro): xserver-xorg-core 2:1.19.6-1ubuntu4.15+esm3 xwayland 2:1.19.6-1ubuntu4.15+esm3 Ubuntu 16.04 LTS (Available with Ubuntu Pro): xserver-xorg-core 2:1.18.4-0ubuntu0.12+esm8 xwayland 2:1.18.4-0ubuntu0.12+esm8 After a standard system update you need to reboot your computer to make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-6555-2

https://ubuntu.com/security/notices/USN-6555-1

CVE-2023-6377, CVE-2023-6478

Severity
critical
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-6555-2

Topics%20covered

Topics Covered

security advisory arbitrary code execution information disclosure ubuntu escalation xorg

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here