Headline
Ubuntu Security Notice USN-6721-2
Ubuntu Security Notice 6721-2 - USN-6721-1 fixed vulnerabilities in X.Org X Server. That fix was incomplete resulting in a regression. This update fixes the problem. It was discovered that X.Org X Server incorrectly handled certain data. An attacker could possibly use this issue to expose sensitive information.
==========================================================================
Ubuntu Security Notice USN-6721-2
April 09, 2024
xorg-server, xwayland regression
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 23.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)
- Ubuntu 14.04 LTS (Available with Ubuntu Pro)
Summary:
A regression was fixed in X.Org X Server.
Software Description:
- xorg-server: X.Org X11 server
- xwayland: X server for running X clients under Wayland
Details:
USN-6721-1 fixed vulnerabilities in X.Org X Server. That fix was incomplete
resulting in a regression. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
It was discovered that X.Org X Server incorrectly handled certain data.
An attacker could possibly use this issue to expose sensitive information.
(CVE-2024-31080, CVE-2024-31081, CVE-2024-31082)
It was discovered that X.Org X Server incorrectly handled certain glyphs.
An attacker could possibly use this issue to cause a crash or expose sensitive
information. (CVE-2024-31083)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 23.10:
xserver-xorg-core 2:21.1.7-3ubuntu2.9
xwayland 2:23.2.0-1ubuntu0.6
Ubuntu 22.04 LTS:
xserver-xorg-core 2:21.1.4-2ubuntu1.7~22.04.10
xwayland 2:22.1.1-1ubuntu0.13
Ubuntu 20.04 LTS:
xserver-xorg-core 2:1.20.13-1ubuntu1~20.04.17
xwayland 2:1.20.13-1ubuntu1~20.04.17
Ubuntu 18.04 LTS (Available with Ubuntu Pro):
xserver-xorg-core 2:1.19.6-1ubuntu4.15+esm8
xwayland 2:1.19.6-1ubuntu4.15+esm8
Ubuntu 16.04 LTS (Available with Ubuntu Pro):
xserver-xorg-core 2:1.18.4-0ubuntu0.12+esm13
xwayland 2:1.18.4-0ubuntu0.12+esm13
Ubuntu 14.04 LTS (Available with Ubuntu Pro):
xserver-xorg-core 2:1.15.1-0ubuntu2.11+esm12
After a standard system update you need to restart -APP- to make
all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-6721-2
https://ubuntu.com/security/notices/USN-6721-1
https://launchpad.net/bugs/2060354
Package Information:
https://launchpad.net/ubuntu/+source/xorg-server/2:21.1.7-3ubuntu2.9
https://launchpad.net/ubuntu/+source/xwayland/2:23.2.0-1ubuntu0.6
https://launchpad.net/ubuntu/+source/xorg-server/2:21.1.4-2ubuntu1.7~22.04.10
https://launchpad.net/ubuntu/+source/xwayland/2:22.1.1-1ubuntu0.13
https://launchpad.net/ubuntu/+source/xorg-server/2:1.20.13-1ubuntu1~20.04.17
Related news
Gentoo Linux Security Advisory 202411-8 - A vulnerability has been discovered in the Xorg Server and XWayland, the worst of which can result in privilege escalation. Versions greater than or equal to 21.1.14 are affected.
Red Hat Security Advisory 2024-3343-03 - An update for xorg-x11-server-Xwayland is now available for Red Hat Enterprise Linux 8. Issues addressed include a use-after-free vulnerability.
Red Hat Security Advisory 2024-2616-03 - An update for tigervnc is now available for Red Hat Enterprise Linux 9.
Red Hat Security Advisory 2024-2042-03 - An update for tigervnc is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions.
Red Hat Security Advisory 2024-2041-03 - An update for tigervnc is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions.
Red Hat Security Advisory 2024-2040-03 - An update for tigervnc is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.
Red Hat Security Advisory 2024-2039-03 - An update for tigervnc is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.
Red Hat Security Advisory 2024-2038-03 - An update for tigervnc is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.
Red Hat Security Advisory 2024-2037-03 - An update for tigervnc is now available for Red Hat Enterprise Linux 8.
Red Hat Security Advisory 2024-2036-03 - An update for tigervnc is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.
Debian Linux Security Advisory 5657-1 - Several vulnerabilities were discovered in the Xorg X server, which may result in privilege escalation if the X server is running privileged or denial of service.
Red Hat Security Advisory 2024-1785-03 - An update for xorg-x11-server is now available for Red Hat Enterprise Linux 7.
Ubuntu Security Notice 6721-1 - It was discovered that X.Org X Server incorrectly handled certain data. An attacker could possibly use this issue to expose sensitive information. It was discovered that X.Org X Server incorrectly handled certain glyphs. An attacker could possibly use this issue to cause a crash or expose sensitive information.
Ubuntu Security Notice 6721-1 - It was discovered that X.Org X Server incorrectly handled certain data. An attacker could possibly use this issue to expose sensitive information. It was discovered that X.Org X Server incorrectly handled certain glyphs. An attacker could possibly use this issue to cause a crash or expose sensitive information.
Ubuntu Security Notice 6721-1 - It was discovered that X.Org X Server incorrectly handled certain data. An attacker could possibly use this issue to expose sensitive information. It was discovered that X.Org X Server incorrectly handled certain glyphs. An attacker could possibly use this issue to cause a crash or expose sensitive information.
Ubuntu Security Notice 6721-1 - It was discovered that X.Org X Server incorrectly handled certain data. An attacker could possibly use this issue to expose sensitive information. It was discovered that X.Org X Server incorrectly handled certain glyphs. An attacker could possibly use this issue to cause a crash or expose sensitive information.