-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAmU5XWoACgkQZWnYVadE
vpMerA/8DzK5XZfGk6J4Nc1haCvNwD6O8L1nSw4pm7ggBBGa2AQw/hFwHvzvnrlM
V0UP9T6y0mXJ2rQyb8A2mSKlSWxBUeruNl5eIjVOe3QXNBBsa+qpUjWkhUKbb7FG
SkiSBxGQQJGgDOMrild748zVrNs+F9NenK6SI53oGGoApRUV89TWVUA39t7mCHEv
Q4AMWmdj3wRKr5nH0mgQ74+k51mSqxOhL2Js8jZOoA/Dj1Ik3CWUyx1odQ3WWkkz
mQs/w2QXVoZFipDa9dS3cTQ9MIkhL9UP8zA0U4Yw20u2MPIwGFPLdEE22G/z6LJr
+d9rVJ8YjGGj7YqAxN/pE1X7nAeSGr2kzWsdREhE+rRNcYwfw6ODVy3MtNzuGdSn
kQgr9YEd8w8PYausu2qiIyCpfrQVaKZfkbuCihqFFwGUrTv0YFTyTliakuCVzMly
RPAK8c6LW/N52E6sTs5W2Bcdl2sZqufgv8Ob9bO4+bsUMz7l0dZnpk54Q/ZGwrMG
Te0cjOEn783/XY0uK3+l0JsikEjYkA8YFEGWV80UD0LMHgqNHkEJ1UtA7Kp1CS5L
y27+t47RizEj50FsXKz2QHcmr1QHQ/5qvUoyGm11PFpLVfeYhrLaSniaHHoGHNeI
Tm1F9yo02ANhdjwASjq+K8CrZN1ghANrYFGIDuEU+T8qu/15Gdc=
=M4aO
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-6453-1
October 25, 2023
xorg-server, xwayland vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 23.10
- Ubuntu 23.04
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
Summary:
Several security issues were fixed in X.Org X Server, xwayland.
Software Description:
- xorg-server: X.Org X11 server
- xwayland: X server for running X clients under Wayland
Details:
Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled
prepending values to certain properties. An attacker could possibly use
this issue to cause the X Server to crash, execute arbitrary code, or
escalate privileges. (CVE-2023-5367)
Sri discovered that the X.Org X Server incorrectly handled detroying
windows in certain legacy multi-screen setups. An attacker could possibly
use this issue to cause the X Server to crash, execute arbitrary code, or
escalate privileges. (CVE-2023-5380)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 23.10:
xserver-xorg-core 2:21.1.7-3ubuntu2.1
xwayland 2:23.2.0-1ubuntu0.1
Ubuntu 23.04:
xserver-xorg-core 2:21.1.7-1ubuntu3.1
xwayland 2:22.1.8-1ubuntu1.1
Ubuntu 22.04 LTS:
xserver-xorg-core 2:21.1.4-2ubuntu1.7~22.04.2
xwayland 2:22.1.1-1ubuntu0.7
Ubuntu 20.04 LTS:
xserver-xorg-core 2:1.20.13-1ubuntu1~20.04.9
xwayland 2:1.20.13-1ubuntu1~20.04.9
After a standard system update you need to reboot your computer to make
all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-6453-1
CVE-2023-5367, CVE-2023-5380
Package Information:
https://launchpad.net/ubuntu/+source/xorg-server/2:21.1.7-3ubuntu2.1
https://launchpad.net/ubuntu/+source/xwayland/2:23.2.0-1ubuntu0.1
https://launchpad.net/ubuntu/+source/xorg-server/2:21.1.7-1ubuntu3.1
https://launchpad.net/ubuntu/+source/xwayland/2:22.1.8-1ubuntu1.1
https://launchpad.net/ubuntu/+source/xorg-server/2:21.1.4-2ubuntu1.7~22.04.2
https://launchpad.net/ubuntu/+source/xwayland/2:22.1.1-1ubuntu0.7
https://launchpad.net/ubuntu/+source/xorg-server/2:1.20.13-1ubuntu1~20.04.9
No comments:
Post a Comment