Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 623
Alerts This Week
Warning Icon 1 623

Ubuntu 18.04 LTS USN-6587-2: critical X.Org Server DoS threats

ubuntu
Calendar Grey January 22, 2024
Dist Ubuntu Esm H88
Multiple security flaws in the X.Org X Server have been addressed in Ubuntu releases 16.04 and 18.04 LTS. Immediate update is highly recommended.
Several security issues were fixed in X.Org X Server.

Summary

Several security issues were fixed in X.Org X Server.

Software Description:

- xorg-server: X.Org X11 server

Details:

USN-6587-1 fixed several vulnerabilities in X.Org. This update provides

the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.

Original advisory details:

Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled

memory when processing the DeviceFocusEvent and ProcXIQueryPointer APIs. An

attacker could possibly use this issue to cause the X Server to crash,

obtain sensitive information, or execute arbitrary code. (CVE-2023-6816)

Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled

reattaching to a different master device. An attacker could use this issue

to cause the X Server to crash, leading to a denial of service, or possibly

execute arbitrary code. (CVE-2024-0229)

Olivier Fourdan and Donn Seeley discovered that the X.Org X Server

incorrectly labeled GLX PBuffers when used with SELinux. An attacker could

...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS (Available with Ubuntu Pro):
  xserver-xorg-core               2:1.19.6-1ubuntu4.15+esm4
  xwayland                        2:1.19.6-1ubuntu4.15+esm4

Ubuntu 16.04 LTS (Available with Ubuntu Pro):
  xserver-xorg-core               2:1.18.4-0ubuntu0.12+esm9
  xwayland                        2:1.18.4-0ubuntu0.12+esm9

After a standard system update you need to reboot your computer to make all
the necessary changes.

References

https://ubuntu.com/security/notices/USN-6587-2

https://ubuntu.com/security/notices/USN-6587-1

CVE-2023-6816, CVE-2024-0229, CVE-2024-0408, CVE-2024-0409,

CVE-2024-21885, CVE-2024-21886

Severity
critical
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-6587-2

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.