Ubuntu 23.10: USN-6587-3 Moderate: Xorg-Server Regression Fix
Jan 30, 2024
•
LinuxSecurity Advisories
2 - 3 min read
Topics Covered
A regression was fixed in X.Org X Server
==========================================================================
Ubuntu Security Notice USN-6587-3
January 30, 2024
xorg-server, xwayland regression
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 23.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
Summary:
A regression was fixed in X.Org X Server
Software Description:
- xorg-server: X.Org X11 server
- xwayland: X server for running X clients under Wayland
Details:
USN-6587-1 fixed vulnerabilities in X.Org X Server. The fix was incomplete
resulting in a possible regression. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled
memory when processing the DeviceFocusEvent and ProcXIQueryPointer APIs. An
attacker could possibly use this issue to cause the X Server to crash,
obtain sensitive information, or execute arbitrary code. (CVE-2023-6816)
Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled
reattaching to a different master device. An attacker could use this issue
to cause the X Server to crash, leading to a denial of service, or possibly
execute arbitrary code. (CVE-2024-0229)
Olivier Fourdan and Donn Seeley discovered that the X.Org X Server
incorrectly labeled GLX PBuffers when used with SELinux. An attacker could
use this issue to cause the X Server to crash, leading to a denial of
service. (CVE-2024-0408)
Olivier Fourdan discovered that the X.Org X Server incorrectly handled
the curser code when used with SELinux. An attacker could use this issue to
cause the X Server to crash, leading to a denial of service.
(CVE-2024-0409)
Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled
memory when processing the XISendDeviceHierarchyEvent API. An attacker
could possibly use this issue to cause the X Server to crash, or execute
arbitrary code. (CVE-2024-21885)
Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled
devices being disabled. An attacker could possibly use this issue to cause
the X Server to crash, or execute arbitrary code. (CVE-2024-21886)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 23.10:
xserver-xorg-core 2:21.1.7-3ubuntu2.7
Ubuntu 22.04 LTS:
xserver-xorg-core 2:21.1.4-2ubuntu1.7~22.04.8
xwayland 2:22.1.1-1ubuntu0.11
Ubuntu 20.04 LTS:
xserver-xorg-core 2:1.20.13-1ubuntu1~20.04.15
xwayland 2:1.20.13-1ubuntu1~20.04.15
After a standard system update you need to reboot your computer to make all
the necessary changes.
References:
https://ubuntu.com/security/notices/USN-6587-3
https://ubuntu.com/security/notices/USN-6587-1
https://bugs.launchpad.net/ubuntu/+source/xorg-server/+bug/2051536
Package Information:
https://launchpad.net/ubuntu/+source/xorg-server/2:21.1.7-3ubuntu2.7
https://launchpad.net/ubuntu/+source/xorg-server/2:21.1.4-2ubuntu1.7~22.04.8
https://launchpad.net/ubuntu/+source/xwayland/2:22.1.1-1ubuntu0.11
https://launchpad.net/ubuntu/+source/xorg-server/2:1.20.13-1ubuntu1~20.04.15
PREVIOUS
NEXT
Ubuntu 23.10: USN-6587-3 Moderate: Xorg-Server Regression Fix
ubuntu
January 30, 2024
A regression was fixed in X.Org X Server
Summary
A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 23.10 - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS Summary: A regression was fixed in X.Org X Server Software Description: - xorg-server: X.Org X11 server - xwayland: X server for running X clients under Wayland Details: USN-6587-1 fixed vulnerabilities in X.Org X Server. The fix was incomplete resulting in a possible regression. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled memory when processing the DeviceFocusEvent and ProcXIQueryPointer APIs. An attacker could possibly use this issue to cause the X Server to crash, obtain sensitive information, or execute arbitrary code. (CVE-2023-6816) Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled reattaching to a different master device. An attacker could use this issue to cau...
Read the Full Advisory
Topics Covered
Update Instructions
The problem can be corrected by updating your system to the following package versions: Ubuntu 23.10: xserver-xorg-core 2:21.1.7-3ubuntu2.7 Ubuntu 22.04 LTS: xserver-xorg-core 2:21.1.4-2ubuntu1.7~22.04.8 xwayland 2:22.1.1-1ubuntu0.11 Ubuntu 20.04 LTS: xserver-xorg-core 2:1.20.13-1ubuntu1~20.04.15 xwayland 2:1.20.13-1ubuntu1~20.04.15 After a standard system update you need to reboot your computer to make all the necessary changes.
References
https://ubuntu.com/security/notices/USN-6587-3
https://ubuntu.com/security/notices/USN-6587-1
https://bugs.launchpad.net/ubuntu/+source/xorg-server/+bug/2051536
Severity
important
Lowest
Low
Medium
High
Critical
==========================================================================
Topics Covered
Package Information
https://launchpad.net/ubuntu/+source/xorg-server/2:21.1.7-3ubuntu2.7 https://launchpad.net/ubuntu/+source/xorg-server/2:21.1.4-2ubuntu1.7~22.04.8 https://launchpad.net/ubuntu/+source/xwayland/2:22.1.1-1ubuntu0.11 https://launchpad.net/ubuntu/+source/xorg-server/2:1.20.13-1ubuntu1~20.04.15
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!