Ubuntu Security Notice USN-6453-2

Ubuntu Security Notice USN-6453-2: Posted Nov 13, 2023; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 6453-2 - USN-6453-1 fixed several vulnerabilities in X.Org. This update provides the corresponding update for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled prepending values to certain properties. An attacker could possibly use this issue to cause the X Server to crash, execute arbitrary code, or escalate privileges.; tags | advisory, arbitrary, vulnerability; systems | linux, ubuntu; advisories | CVE-2023-5367, CVE-2023-5380; SHA-256 | 89f1be48ed5cce8b06a6488cd2af46b1ad1433239e258f605714fac81856c050; Download | Favorite | View

Ubuntu Security Notice USN-6453-2

==========================================================================
Ubuntu Security Notice USN-6453-2
October 31, 2023

xorg-server vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS (Available with Ubuntu Pro)
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)
- Ubuntu 14.04 LTS (Available with Ubuntu Pro)

Summary:

Several security issues were fixed in X.Org X Server, xwayland.

Software Description:
- xorg-server: X.Org X11 server

Details:

USN-6453-1 fixed several vulnerabilities in X.Org. This update provides
the corresponding update for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and
Ubuntu 18.04 LTS.

Original advisory details:

 Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled
 prepending values to certain properties. An attacker could possibly use
 this issue to cause the X Server to crash, execute arbitrary code, or
 escalate privileges. (CVE-2023-5367)

 Sri discovered that the X.Org X Server incorrectly handled detroying
 windows in certain legacy multi-screen setups. An attacker could possibly
 use this issue to cause the X Server to crash, execute arbitrary code, or
 escalate privileges. (CVE-2023-5380)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS (Available with Ubuntu Pro):
  xserver-xorg-core               2:1.19.6-1ubuntu4.15+esm1
  xwayland                        2:1.19.6-1ubuntu4.15+esm1

Ubuntu 16.04 LTS (Available with Ubuntu Pro):
  xserver-xorg-core               2:1.18.4-0ubuntu0.12+esm6
  xwayland                        2:1.18.4-0ubuntu0.12+esm6

Ubuntu 14.04 LTS (Available with Ubuntu Pro):
  xserver-xorg-core               2:1.15.1-0ubuntu2.11+esm8

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-6453-2
  https://ubuntu.com/security/notices/USN-6453-1
  CVE-2023-5367, CVE-2023-5380

Top Authors In Last 30 Days

Red Hat 293 files
Ubuntu 63 files
Debian 33 files
Gentoo 28 files
LiquidWorm 10 files
nu11secur1ty 7 files
Adam Gowdiak 4 files
kai6u 3 files
gabe_k 3 files
liquidsky 3 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,036)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,495)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,567)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,739)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,489)
UNIX (9,397)
UnixWare (187)
Windows (6,656)
Other

Ubuntu Security Notice USN-6453-2

Ubuntu Security Notice USN-6453-2

File Archive:

May 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Ubuntu Security Notice USN-6453-2

Share This

Ubuntu Security Notice USN-6453-2

File Archive:

May 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems