============================================================================ Ubuntu Security Notice USN-2436-2 December 10, 2014 xorg-server, xorg-server-lts-trusty vulnerabilities ============================================================================ A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 14.10 - Ubuntu 14.04 LTS - Ubuntu 12.04 LTS Summary: USN-2436-1 contained incomplete fixes for the X.Org X server. Software Description: - xorg-server: X.Org X11 server - xorg-server-lts-trusty: Xorg X server - source files Details: USN-2436-1 fixed vulnerabilities in the X.Org X server. Since publication, additional fixes have been made available for these issues. This update adds the additional fixes. Original advisory details: Ilja van Sprundel discovered a multitude of security issues in the X.Org X server. An attacker able to connect to an X server, either locally or remotely, could use these issues to cause the X server to crash or execute arbitrary code resulting in possible privilege escalation. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 14.10: xserver-xorg-core 2:1.16.0-1ubuntu1.2 Ubuntu 14.04 LTS: xserver-xorg-core 2:1.15.1-0ubuntu2.5 Ubuntu 12.04 LTS: xserver-xorg-core 2:1.11.4-0ubuntu10.16 xserver-xorg-core-lts-trusty 2:1.15.1-0ubuntu2~precise4 After a standard system update you need to reboot your computer to make all the necessary changes. References: http://www.ubuntu.com/usn/usn-2436-2 http://www.ubuntu.com/usn/usn-2436-1 https://launchpad.net/bugs/1400942 Package Information: https://launchpad.net/ubuntu/+source/xorg-server/2:1.16.0-1ubuntu1.2 https://launchpad.net/ubuntu/+source/xorg-server/2:1.15.1-0ubuntu2.5 https://launchpad.net/ubuntu/+source/xorg-server/2:1.11.4-0ubuntu10.16 https://launchpad.net/ubuntu/+source/xorg-server-lts-trusty/2:1.15.1-0ubuntu2~precise4