==========================================================================
Ubuntu Security Notice USN-7573-2
June 18, 2025

xorg-server, xorg-server-hwe-16.04, xorg-server-hwe-18.04 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in X.Org X Server.

Software Description:
- xorg-server: X.Org X11 server
- xorg-server-hwe-18.04: X.Org X11 server
- xorg-server-hwe-16.04: X.Org X11 server

Details:

USN-7573-1 fixed several vulnerabilities in X.Org. This update provides the corresponding update for Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.

Original advisory details:

 Nils Emmerich discovered that the X.Org X Server incorrectly handled certain memory operations. An attacker could use these issues to cause the X Server to crash, leading to a denial of service, obtain sensitive information, or possibly execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 20.04 LTS
  xserver-xorg-core 2:1.20.13-1ubuntu1~20.04.20+esm1 Available with Ubuntu Pro
  xwayland 2:1.20.13-1ubuntu1~20.04.20+esm1 Available with Ubuntu Pro

Ubuntu 18.04 LTS
  xserver-xorg-core 2:1.19.6-1ubuntu4.15+esm13 Available with Ubuntu Pro
  xserver-xorg-core-hwe-18.04 2:1.20.8-2ubuntu2.2~18.04.11+esm5 Available with Ubuntu Pro
  xwayland 2:1.19.6-1ubuntu4.15+esm13 Available with Ubuntu Pro
  xwayland-hwe-18.04 2:1.20.8-2ubuntu2.2~18.04.11+esm5 Available with Ubuntu Pro

Ubuntu 16.04 LTS
  xserver-xorg-core 2:1.18.4-0ubuntu0.12+esm18 Available with Ubuntu Pro
  xserver-xorg-core-hwe-16.04 2:1.19.6-1ubuntu4.1~16.04.6+esm10 Available with Ubuntu Pro
  xwayland 2:1.18.4-0ubuntu0.12+esm18 Available with Ubuntu Pro
  xwayland-hwe-16.04 2:1.19.6-1ubuntu4.1~16.04.6+esm10 Available with Ubuntu Pro

After a standard system update you need to reboot your computer to make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7573-2
  https://ubuntu.com/security/notices/USN-7573-1
  CVE-2025-49175, CVE-2025-49176, CVE-2025-49178, CVE-2025-49179, CVE-2025-49180

Severity: Critical

LinuxSecurity.com Team
Oracle Linux Security Advisory ELSA-2025-2879

http://linux.oracle.com/errata/ELSA-2025-2879.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

x86_64:
xorg-x11-server-Xdmx-1.20.4-29.0.1.el7_9.x86_64.rpm
xorg-x11-server-Xephyr-1.20.4-29.0.1.el7_9.x86_64.rpm
xorg-x11-server-Xnest-1.20.4-29.0.1.el7_9.x86_64.rpm
xorg-x11-server-Xorg-1.20.4-29.0.1.el7_9.x86_64.rpm
xorg-x11-server-Xvfb-1.20.4-29.0.1.el7_9.x86_64.rpm
xorg-x11-server-Xwayland-1.20.4-29.0.1.el7_9.x86_64.rpm
xorg-x11-server-common-1.20.4-29.0.1.el7_9.x86_64.rpm
xorg-x11-server-devel-1.20.4-29.0.1.el7_9.i686.rpm
xorg-x11-server-devel-1.20.4-29.0.1.el7_9.x86_64.rpm
xorg-x11-server-source-1.20.4-29.0.1.el7_9.noarch.rpm

SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates//xorg-x11-server-1.20.4-29.0.1.el7_9.src.rpm

Related CVEs:

CVE-2025-26594
CVE-2025-26595
CVE-2025-26596
CVE-2025-26597
CVE-2025-26598
CVE-2025-26599
CVE-2025-26600
CVE-2025-26601

Description of changes:

[1.20.4-29.0.1]
- Fixed CVE-2025-26594 CVE-2025-26595 CVE-2025-26596
- CVE-2025-26597 CVE-2025-26598 CVE-2025-26599 CVE-2025-26600
- CVE-2025-26601 [Orabug: 37712847]
# Security update for xorg-x11-server

Announcement ID: SUSE-SU-2025:0984-1
Release Date: 2025-03-21T17:44:55Z
Rating: moderate

References:

  * bsc#1239750

Cross-References:

  * CVE-2022-49737

CVSS scores:

  * CVE-2022-49737 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  * CVE-2022-49737 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2022-49737 ( NVD ): 7.7 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H

Affected Products:

  * Basesystem Module 15-SP6
  * Development Tools Module 15-SP6
  * openSUSE Leap 15.6
  * SUSE Linux Enterprise Desktop 15 SP6
  * SUSE Linux Enterprise Real Time 15 SP6
  * SUSE Linux Enterprise Server 15 SP6
  * SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves one vulnerability can now be installed.

## Description:

This update for xorg-x11-server fixes the following issues:

  * CVE-2022-49737: Fixed Xorg crashing when client applications use easystroke for mouse gestures (bsc#1239750)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * Basesystem Module 15-SP6
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-984=1

  * Development Tools Module 15-SP6
    zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP6-2025-984=1

  * openSUSE Leap 15.6
    zypper in -t patch SUSE-2025-984=1 openSUSE-SLE-15.6-2025-984=1

## Package List:

  * Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
    * xorg-x11-server-extra-21.1.11-150600.5.9.1
    * xorg-x11-server-extra-debuginfo-21.1.11-150600.5.9.1
    * xorg-x11-server-Xvfb-21.1.11-150600.5.9.1
    * xorg-x11-server-Xvfb-debuginfo-21.1.11-150600.5.9.1
    * xorg-x11-server-debugsource-21.1.11-150600.5.9.1
    * xorg-x11-server-debuginfo-21.1.11-150600.5.9.1
    * xorg-x11-server-21.1.11-150600.5.9.1
  * Development Tools Module 15-SP6 (aarch64 ppc64le s390x x86_64)
    * xorg-x11-server-debuginfo-21.1.11-150600.5.9.1
    * xorg-x11-server-sdk-21.1.11-150600.5.9.1
    * xorg-x11-server-debugsource-21.1.11-150600.5.9.1
  * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
    * xorg-x11-server-extra-21.1.11-150600.5.9.1
    * xorg-x11-server-extra-debuginfo-21.1.11-150600.5.9.1
    * xorg-x11-server-Xvfb-21.1.11-150600.5.9.1
    * xorg-x11-server-sdk-21.1.11-150600.5.9.1
    * xorg-x11-server-Xvfb-debuginfo-21.1.11-150600.5.9.1
    * xorg-x11-server-debugsource-21.1.11-150600.5.9.1
    * xorg-x11-server-debuginfo-21.1.11-150600.5.9.1
    * xorg-x11-server-source-21.1.11-150600.5.9.1
    * xorg-x11-server-21.1.11-150600.5.9.1

## References:

  * https://www.suse.com/security/cve/CVE-2022-49737.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1239750
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 202411-08
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High
    Title: X.Org X server, XWayland: Multiple Vulnerabilities
     Date: November 17, 2024
     Bugs: #928531, #942465
       ID: 202411-08

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A vulnerability has been discovered in the Xorg Server and XWayland, the worst of which can result in privilege escalation.

Background
==========

The X Window System is a graphical windowing system based on a client/server model.

Affected packages
=================

Package               Vulnerable    Unaffected
--------------------  ------------  ------------
x11-base/xorg-server  < 21.1.14     >= 21.1.14
x11-base/xwayland     < 24.1.4      >= 24.1.4

Description
===========

Multiple vulnerabilities have been discovered in X.Org X server and XWayland. Please review the CVE identifiers referenced below for details.

Impact
======

Please review the referenced CVE identifiers for details.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All X.Org X server users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=x11-base/xorg-server-21.1.14"

All XWayland users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=x11-base/xwayland-24.1.4"

References
==========

[ 1 ] CVE-2024-9632
      https://nvd.nist.gov/vuln/detail/CVE-2024-9632
[ 2 ] CVE-2024-31080
      https://nvd.nist.gov/vuln/detail/CVE-2024-31080
[ 3 ] CVE-2024-31081
      https://nvd.nist.gov/vuln/detail/CVE-2024-31081
[ 4 ] CVE-2024-31082
      https://nvd.nist.gov/vuln/detail/CVE-2024-31082
[ 5 ] CVE-2024-31083
      https://nvd.nist.gov/vuln/detail/CVE-2024-31083

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

 https://security.gentoo.org/glsa/202411-08

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to
==========================================================================
Ubuntu Security Notice USN-6721-2
April 09, 2024

xorg-server, xwayland regression
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)
- Ubuntu 14.04 LTS (Available with Ubuntu Pro)

Summary:

A regression was fixed in X.Org X Server.

Software Description:
- xorg-server: X.Org X11 server
- xwayland: X server for running X clients under Wayland

Details:

USN-6721-1 fixed vulnerabilities in X.Org X Server. That fix was incomplete resulting in a regression. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

 It was discovered that X.Org X Server incorrectly handled certain data. An attacker could possibly use this issue to expose sensitive information. (CVE-2024-31080, CVE-2024-31081, CVE-2024-31082)

 It was discovered that X.Org X Server incorrectly handled certain glyphs. An attacker could possibly use this issue to cause a crash or expose sensitive information. (CVE-2024-31083)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 23.10:
  xserver-xorg-core 2:21.1.7-3ubuntu2.9
  xwayland 2:23.2.0-1ubuntu0.6

Ubuntu 22.04 LTS:
  xserver-xorg-core 2:21.1.4-2ubuntu1.7~22.04.10
  xwayland 2:22.1.1-1ubuntu0.13

Ubuntu 20.04 LTS:
  xserver-xorg-core 2:1.20.13-1ubuntu1~20.04.17
  xwayland 2:1.20.13-1ubuntu1~20.04.17

Ubuntu 18.04 LTS (Available with Ubuntu Pro):
  xserver-xorg-core 2:1.19.6-1ubuntu4.15+esm8
  xwayland 2:1.19.6-1ubuntu4.15+esm8

Ubuntu 16.04 LTS (Available with Ubuntu Pro):
  xserver-xorg-core 2:1.18.4-0ubuntu0.12+esm13
  xwayland 2:1.18.4-0ubuntu0.12+esm13

Ubuntu 14.04 LTS (Available with Ubuntu Pro):
  xserver-xorg-core 2:1.15.1-0ubuntu2.11+esm12

After a standard system update you need to restart -APP- to make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-6721-2
  https://ubuntu.com/security/notices/USN-6721-1
  https://bugs.launchpad.net/ubuntu/+source/xorg-server/+bug/2060354

Package Information:
  https://launchpad.net/ubuntu/+source/xorg-server/2:21.1.7-3ubuntu2.9
  https://launchpad.net/ubuntu/+source/xwayland/2:23.2.0-1ubuntu0.6
  https://launchpad.net/ubuntu/+source/xorg-server/2:21.1.4-2ubuntu1.7~22.04.10
  https://launchpad.net/ubuntu/+source/xwayland/2:22.1.1-1ubuntu0.13
  https://launchpad.net/ubuntu/+source/xorg-server/2:1.20.13-1ubuntu1~20.04.17
==========================================================================
Ubuntu Security Notice USN-6587-5
March 13, 2024

xorg-server vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 LTS (Available with Ubuntu Pro)

Summary:

Several security issues were fixed in X.Org X Server.

Software Description:
- xorg-server: X.Org X11 server

Details:

USN-6587-1 fixed several vulnerabilities in X.Org. This update provides the corresponding update for Ubuntu 14.04 LTS.

Original advisory details:

 Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled memory when processing the RRChangeOutputProperty and RRChangeProviderProperty APIs. An attacker could possibly use this issue to cause the X Server to crash, or obtain sensitive information. (CVE-2023-6478)

 Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled memory when processing the DeviceFocusEvent and ProcXIQueryPointer APIs. An attacker could possibly use this issue to cause the X Server to crash, obtain sensitive information, or execute arbitrary code. (CVE-2023-6816)

 Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled reattaching to a different master device. An attacker could use this issue to cause the X Server to crash, leading to a denial of service, or possibly execute arbitrary code. (CVE-2024-0229)

 Olivier Fourdan and Donn Seeley discovered that the X.Org X Server incorrectly labeled GLX PBuffers when used with SELinux. An attacker could use this issue to cause the X Server to crash, leading to a denial of service. (CVE-2024-0408)

 Olivier Fourdan discovered that the X.Org X Server incorrectly handled the cursor code when used with SELinux. An attacker could use this issue to cause the X Server to crash, leading to a denial of service. (CVE-2024-0409)

 Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled memory when processing the XISendDeviceHierarchyEvent API. An attacker could possibly use this issue to cause the X Server to crash, or execute arbitrary code. (CVE-2024-21885)

 Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled devices being disabled. An attacker could possibly use this issue to cause the X Server to crash, or execute arbitrary code. (CVE-2024-21886)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 14.04 LTS (Available with Ubuntu Pro):
  xserver-xorg-core 2:1.15.1-0ubuntu2.11+esm9

After a standard system update you need to reboot your computer to make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-6587-5
  https://ubuntu.com/security/notices/USN-6587-1
  CVE-2023-6478, CVE-2023-6816, CVE-2024-0229, CVE-2024-0408, CVE-2024-21885, CVE-2024-21886
Oracle Linux Security Advisory ELSA-2024-0320

https://linux.oracle.com/errata/ELSA-2024-0320.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

x86_64:
xorg-x11-server-Xdmx-1.20.4-27.el7_9.x86_64.rpm
xorg-x11-server-Xephyr-1.20.4-27.el7_9.x86_64.rpm
xorg-x11-server-Xnest-1.20.4-27.el7_9.x86_64.rpm
xorg-x11-server-Xorg-1.20.4-27.el7_9.x86_64.rpm
xorg-x11-server-Xvfb-1.20.4-27.el7_9.x86_64.rpm
xorg-x11-server-Xwayland-1.20.4-27.el7_9.x86_64.rpm
xorg-x11-server-common-1.20.4-27.el7_9.x86_64.rpm
xorg-x11-server-devel-1.20.4-27.el7_9.i686.rpm
xorg-x11-server-devel-1.20.4-27.el7_9.x86_64.rpm
xorg-x11-server-source-1.20.4-27.el7_9.noarch.rpm

SRPMS:
https://oss.oracle.com:443/ol7/SRPMS-updates//xorg-x11-server-1.20.4-27.el7_9.src.rpm

Related CVEs:

CVE-2023-6816
CVE-2024-0229
CVE-2024-0408
CVE-2024-0409
CVE-2024-21885
CVE-2024-21886

Description of changes:

[1.20.4-27]
- Fix use after free related to CVE-2024-21886

[1.20.4-26]
- CVE fix for: CVE-2023-6816, CVE-2024-0229, CVE-2024-21885, CVE-2024-21886, CVE-2024-0408 and CVE-2024-0409
  Resolves: https://issues.redhat.com/plugins/servlet/samlsso
  Resolves: https://issues.redhat.com/plugins/servlet/samlsso
  Resolves: https://issues.redhat.com/plugins/servlet/samlsso
  Resolves: https://issues.redhat.com/plugins/servlet/samlsso
  Resolves: https://issues.redhat.com/plugins/servlet/samlsso
  Resolves: https://issues.redhat.com/plugins/servlet/samlsso
Oracle Linux Security Advisory ELSA-2023-6802

https://linux.oracle.com/errata/ELSA-2023-6802.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

x86_64:
xorg-x11-server-Xdmx-1.20.4-24.el7_9.x86_64.rpm
xorg-x11-server-Xephyr-1.20.4-24.el7_9.x86_64.rpm
xorg-x11-server-Xnest-1.20.4-24.el7_9.x86_64.rpm
xorg-x11-server-Xorg-1.20.4-24.el7_9.x86_64.rpm
xorg-x11-server-Xvfb-1.20.4-24.el7_9.x86_64.rpm
xorg-x11-server-Xwayland-1.20.4-24.el7_9.x86_64.rpm
xorg-x11-server-common-1.20.4-24.el7_9.x86_64.rpm
xorg-x11-server-devel-1.20.4-24.el7_9.i686.rpm
xorg-x11-server-devel-1.20.4-24.el7_9.x86_64.rpm
xorg-x11-server-source-1.20.4-24.el7_9.noarch.rpm

SRPMS:
https://oss.oracle.com:443/ol7/SRPMS-updates//xorg-x11-server-1.20.4-24.el7_9.src.rpm

Related CVEs:

CVE-2023-5367

Description of changes:

[1.20.4-24]
- CVE fix for: CVE-2023-5367
  Resolves: https://issues.redhat.com/plugins/servlet/samlsso