Headline
Ubuntu Security Notice USN-5510-1
Ubuntu Security Notice 5510-1 - Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled certain inputs. An attacker could use this issue to cause the server to crash, resulting in a denial of service, or possibly execute arbitrary code and escalate privileges.
==========================================================================
Ubuntu Security Notice USN-5510-1
July 12, 2022
xorg-server, xorg-server-hwe-18.04, xwayland vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS
- Ubuntu 21.10
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
Summary:
Several security issues were fixed in X.Org X Server.
Software Description:
- xorg-server: X.Org X11 server
- xwayland: Xwayland X server
- xorg-server-hwe-18.04: X.Org X11 server
Details:
Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled
certain inputs. An attacker could use this issue to cause the server to
crash, resulting in a denial of service, or possibly execute arbitrary
code and escalate privileges.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 22.04 LTS:
xserver-xorg-core 2:21.1.3-2ubuntu2.1
xwayland 2:22.1.1-1ubuntu0.1
Ubuntu 21.10:
xserver-xorg-core 2:1.20.13-1ubuntu1.2
xwayland 2:21.1.2-0ubuntu1.2
Ubuntu 20.04 LTS:
xserver-xorg-core 2:1.20.13-1ubuntu1~20.04.3
xwayland 2:1.20.13-1ubuntu1~20.04.3
Ubuntu 18.04 LTS:
xserver-xorg-core 2:1.19.6-1ubuntu4.11
xserver-xorg-core-hwe-18.04 2:1.20.8-2ubuntu2.2~18.04.7
xwayland 2:1.19.6-1ubuntu4.11
xwayland-hwe-18.04 2:1.20.8-2ubuntu2.2~18.04.7
After a standard system update you need to reboot your computer to make all
the necessary changes.
References:
https://ubuntu.com/security/notices/USN-5510-1
CVE-2022-2319, CVE-2022-2320
Package Information:
https://launchpad.net/ubuntu/+source/xorg-server/2:21.1.3-2ubuntu2.1
https://launchpad.net/ubuntu/+source/xwayland/2:22.1.1-1ubuntu0.1
https://launchpad.net/ubuntu/+source/xorg-server/2:1.20.13-1ubuntu1.2
https://launchpad.net/ubuntu/+source/xwayland/2:21.1.2-0ubuntu1.2
https://launchpad.net/ubuntu/+source/xorg-server/2:1.20.13-1ubuntu1~20.04.3
https://launchpad.net/ubuntu/+source/xorg-server/2:1.19.6-1ubuntu4.11
https://launchpad.net/ubuntu/+source/xorg-server-hwe-18.04/2:1.20.8-2ubuntu2.2~18.04.7
Related news
Red Hat Security Advisory 2022-8222-01 - Xwayland is an X server for running X clients under Wayland. Issues addressed include an out of bounds access vulnerability.
An update for xorg-x11-server is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2319: xorg-x11-server: X.Org Server ProcXkbSetGeometry out-of-bounds access * CVE-2022-2320: xorg-x11-server: out-of-bounds access in ProcXkbSetDeviceInfo request handler of the Xkb extension
An update for xorg-x11-server-Xwayland is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2319: xorg-x11-server: X.Org Server ProcXkbSetGeometry out-of-bounds access * CVE-2022-2320: xorg-x11-server: out-of-bounds access in ProcXkbSetDeviceInfo request handler of the Xkb extension
An update for xorg-x11-server, xorg-x11-server-Xwayland, and xorg-x11-xtrans-devel is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2319: xorg-x11-server: X.Org Server ProcXkbSetGeometry out-of-bounds access * CVE-2022-2320: xorg-x11-server: out-of-bounds access in ProcXkbSetDeviceInfo request handler of the Xkb extension
Gentoo Linux Security Advisory 202210-30 - Multiple vulnerabilities have been discovered in the Xorg Server and XWayland, the worst of which can result in remote code execution. Versions less than 21.1.4 are affected.
SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.
SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.
A flaw was found in the Xorg-x11-server. An out-of-bounds access issue can occur in the ProcXkbSetGeometry function due to improper validation of the request length.
Red Hat Security Advisory 2022-5905-01 - X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. Issues addressed include an out of bounds access vulnerability.
An update for xorg-x11-server is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2319: xorg-x11-server: X.Org Server ProcXkbSetGeometry out-of-bounds access * CVE-2022-2320: xorg-x11-server: out-of-bounds access in ProcXkbSetDeviceInfo request handler of the Xkb extension
Ubuntu Security Notice 5510-2 - USN-5510-1 fixed several vulnerabilities in X.Org. This update provides the corresponding update for Ubuntu 16.04 ESM. Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled certain inputs. An attacker could use this issue to cause the server to crash, resulting in a denial of service, or possibly execute arbitrary code and escalate privileges.