Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 466
Alerts This Week
Warning Icon 1 466

Ubuntu 18.04 & 16.04 LTS: USN-6587-4 Critical X.Org Server Issues

ubuntu
Calendar Grey February 1, 2024
Dist Ubuntu Esm H88
Ubuntu Security Notice USN-6588-5 highlights an issue in the OpenSSL library impacting various versions.
A regression was fixed in X.Org X Server.

Summary

A regression was fixed in X.Org X Server.

Software Description:

- xorg-server: X.Org X11 server

Details:

USN-6587-1 fixed vulnerabilities in X.Org X Server. The fix was incomplete

resulting in a possible regression. This update fixes the problem.

Original advisory details:

Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled

memory when processing the DeviceFocusEvent and ProcXIQueryPointer APIs. An

attacker could possibly use this issue to cause the X Server to crash,

obtain sensitive information, or execute arbitrary code. (CVE-2023-6816)

Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled

reattaching to a different master device. An attacker could use this issue

to cause the X Server to crash, leading to a denial of service, or possibly

execute arbitrary code. (CVE-2024-0229)

Olivier Fourdan and Donn Seeley discovered that the X.Org X Server

incorrectly labeled GLX PBuffers when used with SELinux. An attacker could

use this ...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS (Available with Ubuntu Pro):
  xserver-xorg-core               2:1.19.6-1ubuntu4.15+esm5
  xwayland                        2:1.19.6-1ubuntu4.15+esm5

Ubuntu 16.04 LTS (Available with Ubuntu Pro):
  xserver-xorg-core               2:1.18.4-0ubuntu0.12+esm10
  xwayland                        2:1.18.4-0ubuntu0.12+esm10

After a standard system update you need to reboot your computer to make all
the necessary changes.

References

https://ubuntu.com/security/notices/USN-6587-4

https://ubuntu.com/security/notices/USN-6587-1

Severity
critical
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-6587-4

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.