Headline
Ubuntu Security Notice USN-5510-2
Ubuntu Security Notice 5510-2 - USN-5510-1 fixed several vulnerabilities in X.Org. This update provides the corresponding update for Ubuntu 16.04 ESM. Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled certain inputs. An attacker could use this issue to cause the server to crash, resulting in a denial of service, or possibly execute arbitrary code and escalate privileges.
=========================================================================Ubuntu Security Notice USN-5510-2July 12, 2022xorg-server, xorg-server-hwe-16.04 vulnerabilities=========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 16.04 ESMSummary:Several security issues were fixed in X.Org X Server.Software Description:- xorg-server: X.Org X11 server- xorg-server-hwe-16.04: X.Org X11 serverDetails:USN-5510-1 fixed several vulnerabilities in X.Org. This update providesthe corresponding update for Ubuntu 16.04 ESM.Original advisory details: Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled certain inputs. An attacker could use this issue to cause the server to crash, resulting in a denial of service, or possibly execute arbitrary code and escalate privileges.Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 16.04 ESM: xserver-xorg-core 2:1.18.4-0ubuntu0.12+esm2 xserver-xorg-core-hwe-16.04 2:1.19.6-1ubuntu4.1~16.04.6+esm1 xwayland 2:1.18.4-0ubuntu0.12+esm2 xwayland-hwe-16.04 2:1.19.6-1ubuntu4.1~16.04.6+esm1After a standard system update you need to reboot your computer to make allthe necessary changes.References: https://ubuntu.com/security/notices/USN-5510-2 https://ubuntu.com/security/notices/USN-5510-1 CVE-2022-2319, CVE-2022-2320
Related news
Red Hat Security Advisory 2022-8222-01 - Xwayland is an X server for running X clients under Wayland. Issues addressed include an out of bounds access vulnerability.
An update for xorg-x11-server is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2319: xorg-x11-server: X.Org Server ProcXkbSetGeometry out-of-bounds access * CVE-2022-2320: xorg-x11-server: out-of-bounds access in ProcXkbSetDeviceInfo request handler of the Xkb extension
An update for xorg-x11-server-Xwayland is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2319: xorg-x11-server: X.Org Server ProcXkbSetGeometry out-of-bounds access * CVE-2022-2320: xorg-x11-server: out-of-bounds access in ProcXkbSetDeviceInfo request handler of the Xkb extension
An update for xorg-x11-server, xorg-x11-server-Xwayland, and xorg-x11-xtrans-devel is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2319: xorg-x11-server: X.Org Server ProcXkbSetGeometry out-of-bounds access * CVE-2022-2320: xorg-x11-server: out-of-bounds access in ProcXkbSetDeviceInfo request handler of the Xkb extension
Gentoo Linux Security Advisory 202210-30 - Multiple vulnerabilities have been discovered in the Xorg Server and XWayland, the worst of which can result in remote code execution. Versions less than 21.1.4 are affected.
SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.
SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.
A flaw was found in the Xorg-x11-server. An out-of-bounds access issue can occur in the ProcXkbSetGeometry function due to improper validation of the request length.
Red Hat Security Advisory 2022-5905-01 - X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. Issues addressed include an out of bounds access vulnerability.
An update for xorg-x11-server is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2319: xorg-x11-server: X.Org Server ProcXkbSetGeometry out-of-bounds access * CVE-2022-2320: xorg-x11-server: out-of-bounds access in ProcXkbSetDeviceInfo request handler of the Xkb extension
Ubuntu Security Notice 5510-1 - Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled certain inputs. An attacker could use this issue to cause the server to crash, resulting in a denial of service, or possibly execute arbitrary code and escalate privileges.
Ubuntu Security Notice 5510-1 - Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled certain inputs. An attacker could use this issue to cause the server to crash, resulting in a denial of service, or possibly execute arbitrary code and escalate privileges.