Ubuntu Security Notice 6407-2 - USN-6407-1 fixed several vulnerabilities in libx11. This update provides the corresponding update for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Gregory James Duck discovered that libx11 incorrectly handled certain keyboard symbols. If a user were tricked into connecting to a malicious X server, a remote attacker could use this issue to cause libx11 to crash, resulting in a denial of service, or possibly execute arbitrary code.
905c7909ee49daa903a1e52d786abc5e846fb1ff620af1440b725abdd9e3d929
==========================================================================
Ubuntu Security Notice USN-6407-2
October 10, 2023
libx11 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)
- Ubuntu 14.04 LTS (Available with Ubuntu Pro)
Summary:
Several security issues were fixed in libx11.
Software Description:
- libx11: X11 client-side library
Details:
USN-6407-1 fixed several vulnerabilities in libx11. This update provides
the corresponding update for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.
Original advisory details:
Gregory James Duck discovered that libx11 incorrectly handled certain
keyboard symbols. If a user were tricked into connecting to a malicious X
server, a remote attacker could use this issue to cause libx11 to crash,
resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2023-43785)
Yair Mizrahi discovered that libx11 incorrectly handled certain malformed
XPM image files. If a user were tricked into opening a specially crafted
XPM image file, a remote attacker could possibly use this issue to consume
memory, leading to a denial of service. (CVE-2023-43786)
Yair Mizrahi discovered that libx11 incorrectly handled certain malformed
XPM image files. If a user were tricked into opening a specially crafted
XPM image file, a remote attacker could use this issue to cause libx11 to
crash, leading to a denial of service, or possibly execute arbitrary code.
(CVE-2023-43787)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 18.04 LTS (Available with Ubuntu Pro):
libx11-6 2:1.6.4-3ubuntu0.4+esm2
Ubuntu 16.04 LTS (Available with Ubuntu Pro):
libx11-6 2:1.6.3-1ubuntu2.2+esm4
Ubuntu 14.04 LTS (Available with Ubuntu Pro):
libx11-6 2:1.6.2-1ubuntu2.1+esm5
After a standard system update you need to reboot your computer to make all
the necessary changes.
References:
https://ubuntu.com/security/notices/USN-6407-2
https://ubuntu.com/security/notices/USN-6407-1
CVE-2023-43785, CVE-2023-43786, CVE-2023-43787