Headline
Ubuntu Security Notice USN-6721-1
Ubuntu Security Notice 6721-1 - It was discovered that X.Org X Server incorrectly handled certain data. An attacker could possibly use this issue to expose sensitive information. It was discovered that X.Org X Server incorrectly handled certain glyphs. An attacker could possibly use this issue to cause a crash or expose sensitive information.
==========================================================================
Ubuntu Security Notice USN-6721-1
April 04, 2024
xorg-server, xwayland vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 23.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)
- Ubuntu 14.04 LTS (Available with Ubuntu Pro)
Summary:
Several security issues were fixed in X.Org X Server, xwayland.
Software Description:
- xorg-server: X.Org X11 server
- xwayland: X server for running X clients under Wayland
Details:
It was discovered that X.Org X Server incorrectly handled certain data.
An attacker could possibly use this issue to expose sensitive information.
(CVE-2024-31080, CVE-2024-31081, CVE-2024-31082)
It was discovered that X.Org X Server incorrectly handled certain glyphs.
An attacker could possibly use this issue to cause a crash or expose sensitive
information. (CVE-2024-31083)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 23.10:
xserver-xorg-core 2:21.1.7-3ubuntu2.8
xwayland 2:23.2.0-1ubuntu0.5
Ubuntu 22.04 LTS:
xserver-xorg-core 2:21.1.4-2ubuntu1.7~22.04.9
xwayland 2:22.1.1-1ubuntu0.12
Ubuntu 20.04 LTS:
xserver-xorg-core 2:1.20.13-1ubuntu1~20.04.16
xwayland 2:1.20.13-1ubuntu1~20.04.16
Ubuntu 18.04 LTS (Available with Ubuntu Pro):
xserver-xorg-core 2:1.19.6-1ubuntu4.15+esm7
xwayland 2:1.19.6-1ubuntu4.15+esm7
Ubuntu 16.04 LTS (Available with Ubuntu Pro):
xserver-xorg-core 2:1.18.4-0ubuntu0.12+esm12
xwayland 2:1.18.4-0ubuntu0.12+esm12
Ubuntu 14.04 LTS (Available with Ubuntu Pro):
xserver-xorg-core 2:1.15.1-0ubuntu2.11+esm11
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-6721-1
CVE-2024-31080, CVE-2024-31081, CVE-2024-31082, CVE-2024-31083
Package Information:
https://launchpad.net/ubuntu/+source/xorg-server/2:21.1.7-3ubuntu2.8
https://launchpad.net/ubuntu/+source/xwayland/2:23.2.0-1ubuntu0.5
https://launchpad.net/ubuntu/+source/xorg-server/2:21.1.4-2ubuntu1.7~22.04.9
https://launchpad.net/ubuntu/+source/xwayland/2:22.1.1-1ubuntu0.12
https://launchpad.net/ubuntu/+source/xorg-server/2:1.20.13-1ubuntu1~20.04.16
Related news
Red Hat Security Advisory 2024-3343-03 - An update for xorg-x11-server-Xwayland is now available for Red Hat Enterprise Linux 8. Issues addressed include a use-after-free vulnerability.
Red Hat Security Advisory 2024-2616-03 - An update for tigervnc is now available for Red Hat Enterprise Linux 9.
Red Hat Security Advisory 2024-2042-03 - An update for tigervnc is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions.
Red Hat Security Advisory 2024-2041-03 - An update for tigervnc is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions.
Red Hat Security Advisory 2024-2040-03 - An update for tigervnc is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.
Red Hat Security Advisory 2024-2039-03 - An update for tigervnc is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.
Red Hat Security Advisory 2024-2038-03 - An update for tigervnc is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.
Red Hat Security Advisory 2024-2037-03 - An update for tigervnc is now available for Red Hat Enterprise Linux 8.
Red Hat Security Advisory 2024-2036-03 - An update for tigervnc is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.
Debian Linux Security Advisory 5657-1 - Several vulnerabilities were discovered in the Xorg X server, which may result in privilege escalation if the X server is running privileged or denial of service.
Red Hat Security Advisory 2024-1785-03 - An update for xorg-x11-server is now available for Red Hat Enterprise Linux 7.
Ubuntu Security Notice 6721-2 - USN-6721-1 fixed vulnerabilities in X.Org X Server. That fix was incomplete resulting in a regression. This update fixes the problem. It was discovered that X.Org X Server incorrectly handled certain data. An attacker could possibly use this issue to expose sensitive information.