==========================================================================
Ubuntu Security Notice USN-6587-1
January 16, 2024

xorg-server, xwayland vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.10
- Ubuntu 23.04
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in X.Org X Server.

Software Description:
- xorg-server: X.Org X11 server
- xwayland: X server for running X clients under Wayland

Details:

Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled
memory when processing the DeviceFocusEvent and ProcXIQueryPointer APIs.
An attacker could possibly use this issue to cause the X Server to crash,
obtain sensitive information, or execute arbitrary code. (CVE-2023-6816)

Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled
reattaching to a different master device. An attacker could use this issue
to cause the X Server to crash, leading to a denial of service, or possibly
execute arbitrary code. (CVE-2024-0229)

Olivier Fourdan and Donn Seeley discovered that the X.Org X Server
incorrectly labeled GLX PBuffers when used with SELinux. An attacker could
use this issue to cause the X Server to crash, leading to a denial of
service. (CVE-2024-0408)

Olivier Fourdan discovered that the X.Org X Server incorrectly handled the
cursor code when used with SELinux. An attacker could use this issue to
cause the X Server to crash, leading to a denial of service.
(CVE-2024-0409)

Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled
memory when processing the XISendDeviceHierarchyEvent API. An attacker
could possibly use this issue to cause the X Server to crash, or execute
arbitrary code. (CVE-2024-21885)

Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled
devices being disabled. An attacker could possibly use this issue to cause
the X Server to crash, or execute arbitrary code. (CVE-2024-21886)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 23.10:
  xserver-xorg-core               2:21.1.7-3ubuntu2.6
  xwayland                        2:23.2.0-1ubuntu0.4

Ubuntu 23.04:
  xserver-xorg-core               2:21.1.7-1ubuntu3.6
  xwayland                        2:22.1.8-1ubuntu1.4

Ubuntu 22.04 LTS:
  xserver-xorg-core               2:21.1.4-2ubuntu1.7~22.04.7
  xwayland                        2:22.1.1-1ubuntu0.10

Ubuntu 20.04 LTS:
  xserver-xorg-core               2:1.20.13-1ubuntu1~20.04.14
  xwayland                        2:1.20.13-1ubuntu1~20.04.14

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-6587-1
  CVE-2023-6816, CVE-2024-0229, CVE-2024-0408, CVE-2024-0409,
  CVE-2024-21885, CVE-2024-21886

Package Information:
  https://launchpad.net/ubuntu/+source/xorg-server/2:21.1.7-3ubuntu2.6
  https://launchpad.net/ubuntu/+source/xwayland/2:23.2.0-1ubuntu0.4
  https://launchpad.net/ubuntu/+source/xorg-server/2:21.1.7-1ubuntu3.6
  https://launchpad.net/ubuntu/+source/xwayland/2:22.1.8-1ubuntu1.4
  https://launchpad.net/ubuntu/+source/xorg-server/2:21.1.4-2ubuntu1.7~22.04.7
  https://launchpad.net/ubuntu/+source/xwayland/2:22.1.1-1ubuntu0.10
  https://launchpad.net/ubuntu/+source/xorg-server/2:1.20.13-1ubuntu1~20.04.14

Crucial software updates for the X.Org X Server enhance Ubuntu's
safeguards against potential vulnerabilities.

Severity: Critical
LinuxSecurity.com Team

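As an added example (not part of the Ubuntu notice), the fixed versions in the USN-6587-1 update instructions can be checked against installed versions using Debian's version ordering, where the epoch, numeric runs and `~` all affect the result. The Python below reimplements that ordering; the function names and any installed versions passed in are constructed for illustration.

```python
import re

PKGS = ("xserver-xorg-core", "xwayland")
# Fixed versions per release, copied from the USN-6587-1 update instructions.
FIXED = {
    "23.10": ("2:21.1.7-3ubuntu2.6", "2:23.2.0-1ubuntu0.4"),
    "23.04": ("2:21.1.7-1ubuntu3.6", "2:22.1.8-1ubuntu1.4"),
    "22.04": ("2:21.1.4-2ubuntu1.7~22.04.7", "2:22.1.1-1ubuntu0.10"),
    "20.04": ("2:1.20.13-1ubuntu1~20.04.14", "2:1.20.13-1ubuntu1~20.04.14"),
}

def _order(c):  # non-digit ordering: '~' < end/digit < letters < everything else
    if c == "~":
        return -1
    if c == "" or c.isdigit():
        return 0
    return ord(c) if c.isalpha() else ord(c) + 256

def _cmp_str(a, b):
    i = j = 0
    while i < len(a) or j < len(b):
        # Non-digit run, compared character by character.
        while (i < len(a) and not a[i].isdigit()) or (j < len(b) and not b[j].isdigit()):
            oa, ob = _order(a[i:i + 1]), _order(b[j:j + 1])
            if oa != ob:
                return -1 if oa < ob else 1
            i, j = i + 1, j + 1
        # Digit run, compared as integers (so 0.10 sorts after 0.9).
        da, db = re.match(r"\d*", a[i:]).group(), re.match(r"\d*", b[j:]).group()
        if int(da or 0) != int(db or 0):
            return -1 if int(da or 0) < int(db or 0) else 1
        i, j = i + len(da), j + len(db)
    return 0

def _split(v):
    epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
    upstream, revision = rest.rsplit("-", 1) if "-" in rest else (rest, "")
    return int(epoch), upstream, revision

def deb_cmp(x, y):  # -1, 0 or 1 as x sorts before, equal to or after y
    (ex, ux, rx), (ey, uy, ry) = _split(x), _split(y)
    if ex != ey:
        return -1 if ex < ey else 1
    return _cmp_str(ux, uy) or _cmp_str(rx, ry)

def unpatched(release, installed):
    """Names in `installed` (name -> version) that sort below the fixed version."""
    fixed = dict(zip(PKGS, FIXED[release]))
    return sorted(p for p in fixed if p in installed and deb_cmp(installed[p], fixed[p]) < 0)
```

On a live system the installed version comes from `dpkg-query -W -f='${Version}' xserver-xorg-core`, and `dpkg --compare-versions` applies the same ordering natively.
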
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 201701-64
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: X.Org X Server: Multiple vulnerabilities
     Date: January 25, 2017
     Bugs: #493294, #548002, #551680
       ID: 201701-64

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in X.Org X Server, the worst
of which may allow authenticated attackers to read from or send
information to arbitrary X11 clients.

Background
==========

The X Window System is a graphical windowing system based on a
client/server model.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  x11-base/xorg-server       < 1.18.4                     >= 1.18.4

Description
===========

Multiple vulnerabilities have been discovered in X.Org X Server. Please
review the CVE identifiers referenced below for details.

Impact
======

An authenticated attacker could possibly cause a Denial of Service
condition or read from or send information to arbitrary X11 clients.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All X.Org X Server users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=x11-base/xorg-server-1.18.4"

References
==========

[ 1 ] CVE-2013-6424
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6424
[ 2 ] CVE-2015-3164
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3164
[ 3 ] CVE-2015-3418
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3418
[ 4 ] X.Org/Wayland Security Advisory: Missing authentication in XWayland
      https://lists.x.org/archives/xorg-announce/2015-June/002611.html

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/201701-64

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to

=========================================================================
Ubuntu Security Notice USN-1232-1
October 18, 2011

xorg-server vulnerabilities
=========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.10
- Ubuntu 10.04 LTS

Summary:

The X server could be made to crash, run programs as an administrator,
or read arbitrary files.

Software Description:
- xorg-server: X.Org X server

Details:

It was discovered that the X server incorrectly handled certain malformed
input. An authorized attacker could exploit this to cause the X server to
crash, leading to a denial of service, or possibly execute arbitrary code
with root privileges. This issue only affected Ubuntu 10.04 LTS and 10.10.
(CVE-2010-4818)

It was discovered that the X server incorrectly handled certain malformed
input. An authorized attacker could exploit this to cause the X server to
crash, leading to a denial of service, or possibly read arbitrary data from
the X server process. This issue only affected Ubuntu 10.04 LTS.
(CVE-2010-4819)

Vladz discovered that the X server incorrectly handled lock files. A local
attacker could use this flaw to determine if a file existed or not.
(CVE-2011-4028)

Vladz discovered that the X server incorrectly handled setting lock file
permissions. A local attacker could use this flaw to gain read permissions
on arbitrary files and view sensitive information. (CVE-2011-4029)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 11.10:
  xserver-xorg-core               2:1.10.4-1ubuntu4.1

Ubuntu 11.04:
  xserver-xorg-core               2:1.10.1-1ubuntu1.3

Ubuntu 10.10:
  xserver-xorg-core               2:1.9.0-0ubuntu7.5

Ubuntu 10.04 LTS:
  xserver-xorg-core               2:1.7.6-2ubuntu7.8

After a standard system update you need to restart your session to make
all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-1232-1
  CVE-2010-4818, CVE-2010-4819, CVE-2011-4028, CVE-2011-4029

Package Information:
  https://launchpad.net/ubuntu/+source/xorg-server/2:1.10.4-1ubuntu4.1
  https://launchpad.net/ubuntu/+source/xorg-server/2:1.10.1-1ubuntu1.3
  https://launchpad.net/ubuntu/+source/xorg-server/2:1.9.0-0ubuntu7.5
  https://launchpad.net/ubuntu/+source/xorg-server/2:1.7.6-2ubuntu7.8

Critical vulnerabilities identified in the X.Org X server affect Ubuntu
versions from 10.04 to 11.10, necessitating immediate system updates to
address security flaws.

Severity: Critical
LinuxSecurity.com Team