Security
Headlines
HeadlinesLatestCVEs

Headline

Ubuntu Security Notice USN-7085-2

Ubuntu Security Notice 7085-2 - USN-7085-1 fixed a vulnerability in X.Org. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled certain memory operations in the X Keyboard Extension. An attacker could use this issue to cause the X Server to crash, leading to a denial of service, or possibly execute arbitrary code.

Packet Storm
#vulnerability#ubuntu#dos

==========================================================================
Ubuntu Security Notice USN-7085-2
October 30, 2024

xorg-server, xorg-server-hwe-16.04, xorg-server-hwe-18.04 vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 18.04 LTS
  • Ubuntu 16.04 LTS

Summary:

X.Org X Server could be made to crash or run programs if it received
specially crafted data.

Software Description:

  • xorg-server: X.Org X11 server
  • xorg-server-hwe-18.04: X.Org X11 server
  • xorg-server-hwe-16.04: X.Org X11 server

Details:

USN-7085-1 fixed a vulnerability in X.Org. This update provides
the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.

Original advisory details:

Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled
certain memory operations in the X Keyboard Extension. An attacker could
use this issue to cause the X Server to crash, leading to a denial of
service, or possibly execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS
xserver-xorg-core 2:1.19.6-1ubuntu4.15+esm9
Available with Ubuntu Pro
xserver-xorg-core-hwe-18.04 2:1.20.8-2ubuntu2.2~18.04.11+esm1
Available with Ubuntu Pro
xwayland 2:1.19.6-1ubuntu4.15+esm9
Available with Ubuntu Pro
xwayland-hwe-18.04 2:1.20.8-2ubuntu2.2~18.04.11+esm1
Available with Ubuntu Pro

Ubuntu 16.04 LTS
xserver-xorg-core 2:1.18.4-0ubuntu0.12+esm14
Available with Ubuntu Pro
xserver-xorg-core-hwe-16.04 2:1.19.6-1ubuntu4.1~16.04.6+esm6
Available with Ubuntu Pro
xwayland 2:1.18.4-0ubuntu0.12+esm14
Available with Ubuntu Pro
xwayland-hwe-16.04 2:1.19.6-1ubuntu4.1~16.04.6+esm6
Available with Ubuntu Pro

After a standard system update you need to reboot your computer to make all
the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7085-2
https://ubuntu.com/security/notices/USN-7085-1
CVE-2024-9632

Related news

Gentoo Linux Security Advisory 202411-08

Gentoo Linux Security Advisory 202411-8 - A vulnerability has been discovered in the Xorg Server and XWayland, the worst of which can result in privilege escalation. Versions greater than or equal to 21.1.14 are affected.

Red Hat Security Advisory 2024-9601-03

Red Hat Security Advisory 2024-9601-03 - An update for tigervnc is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Issues addressed include buffer overflow and privilege escalation vulnerabilities.

Red Hat Security Advisory 2024-9579-03

Red Hat Security Advisory 2024-9579-03 - An update for tigervnc is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include buffer overflow and privilege escalation vulnerabilities.

Xlibre Xnest 24.1.0 / 24.2.0 Buffer Overflow

Xlibre Xnest versions 24.1.0 and 24.2.0 suffer from a buffer overflow vulnerability that affected Xorg.

Debian Security Advisory 5800-1

Debian Linux Security Advisory 5800-1 - Jan-Niklas Sohn discovered that a heap-based buffer overflow in the _XkbSetCompatMap function in the X Keyboard Extension of the X.org X server may result in privilege escalation if the X server is running privileged.

Ubuntu Security Notice USN-7085-1

Ubuntu Security Notice 7085-1 - Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled certain memory operations in the X Keyboard Extension. An attacker could use this issue to cause the X Server to crash, leading to a denial of service, or possibly execute arbitrary code.

Packet Storm: Latest News

Zeek 6.0.9