Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 554
Alerts This Week
Warning Icon 1 554

Ubuntu 14.04 LTS USN-6587-5 Moderate: X.Org DoS Threats

ubuntu
Calendar Grey March 13, 2024
Dist Ubuntu Esm H88
Concerning security flaws in the X.Org X Server, this notification details the problems identified and the corresponding updates required for Debian-based operating systems.
Several security issues were fixed in X.Org X Server.

Summary

Several security issues were fixed in X.Org X Server.

Software Description:

- xorg-server: X.Org X11 server

Details:

USN-6587-1 fixed several vulnerabilities in X.Org. This update provides

the corresponding update for Ubuntu 14.04 LTS.

Original advisory details:

Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled

memory when processing the RRChangeOutputProperty and

RRChangeProviderProperty APIs. An attacker could possibly use this issue to

cause the X Server to crash, or obtain sensitive information.

(CVE-2023-6478)

Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled

memory when processing the DeviceFocusEvent and ProcXIQueryPointer APIs. An

attacker could possibly use this issue to cause the X Server to crash,

obtain sensitive information, or execute arbitrary code. (CVE-2023-6816)

Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled

reattaching to a different master device. An attacker could use this issue

...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS (Available with Ubuntu Pro):
  xserver-xorg-core               2:1.15.1-0ubuntu2.11+esm9

After a standard system update you need to reboot your computer to make all
the necessary changes.

References

https://ubuntu.com/security/notices/USN-6587-5

https://ubuntu.com/security/notices/USN-6587-1

CVE-2023-6478, CVE-2023-6816, CVE-2024-0229, CVE-2024-0408,

CVE-2024-21885, CVE-2024-21886

Ubuntu Security Notice USN-6587-5

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.