USN-6555-1: X.Org X Server vulnerabilities
13 December 2023
Several security issues were fixed in X.Org X Server.
Releases
Packages
- xorg-server - X.Org X11 server
- xwayland - X server for running X clients under Wayland
Details
Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled XKB
button actions. An attacker could possibly use this issue to cause the X
Server to crash, execute arbitrary code, or escalate privileges.
(CVE-2023-6377)
Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled
memory when processing the RRChangeOutputProperty and
RRChangeProviderProperty APIs. An attacker could possibly use this issue to
cause the X Server to crash, or obtain sensitive information.
(CVE-2023-6478)
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 23.10
Ubuntu 23.04
Ubuntu 22.04
Ubuntu 20.04
After a standard system update you need to reboot your computer to make all
the necessary changes.
References
Related notices
- USN-6555-2: xserver-common, xserver-xorg-xmir, xmir, xnest, xorg-server, xwayland, xserver-xorg-dev, xvfb, xserver-xorg-core, xserver-xorg-legacy, xserver-xephyr, xorg-server-source, xdmx, xdmx-tools
- USN-6587-5: xserver-common, xserver-xorg-xmir, xnest, xorg-server, xserver-xorg-dev, xvfb, xserver-xorg-core, xserver-xephyr, xorg-server-source, xdmx, xdmx-tools