USN-6555-1: X.Org X Server vulnerabilities
13 December 2023
Several security issues were fixed in X.Org X Server.
Releases
Packages
- xorg-server - X.Org X11 server
- xwayland - X server for running X clients under Wayland
Details
Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled XKB
button actions. An attacker could possibly use this issue to cause the X
Server to crash, execute arbitrary code, or escalate privileges.
(CVE-2023-6377)
Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled
memory when processing the RRChangeOutputProperty and
RRChangeProviderProperty APIs. An attacker could possibly use this issue to
cause the X Server to crash, or obtain sensitive information.
(CVE-2023-6478)
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 23.10
Ubuntu 23.04
Ubuntu 22.04
Ubuntu 20.04
After a standard system update you need to reboot your computer to make all
the necessary changes.
References
Related notices
- USN-6555-2: xnest, xvfb, xserver-xorg-dev, xserver-common, xwayland, xserver-xorg-legacy, xorg-server-source, xorg-server, xdmx-tools, xserver-xorg-core, xserver-xorg-xmir, xmir, xdmx, xserver-xephyr
- USN-6587-5: xnest, xvfb, xserver-xorg-dev, xserver-common, xorg-server-source, xorg-server, xdmx-tools, xserver-xorg-core, xserver-xorg-xmir, xdmx, xserver-xephyr