Sicherheit: Zwei Probleme in libx11

Lesezeichen hinzufügen

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--===============3618145218543270393==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="tObPx56WKjnJwA1FMlmrTuk92yXQJAYBt"

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--tObPx56WKjnJwA1FMlmrTuk92yXQJAYBt
Content-Type: multipart/mixed;
boundary="W0w1S5xk9OB7r3JVOvgGhPw29ai78WkD0"

--W0w1S5xk9OB7r3JVOvgGhPw29ai78WkD0
Content-Type: text/plain; charset=utf-8
Content-Language: en-C
Content-Transfer-Encoding: quoted-printable

==========================================================================
Ubuntu Security Notice USN-4487-1
September 02, 2020

libx11 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in libx11.

Software Description:
- libx11: None

Details:

Todd Carson discovered that libx11 incorrectly handled certain memory
operations. A local attacker could possibly use this issue to escalate
privileges. (CVE-2020-14344)

Jayden Rivers discovered that libx11 incorrectly handled locales. A local
attacker could possibly use this issue to escalate privileges.
(CVE-2020-14363)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS:
libx11-6 2:1.6.9-2ubuntu1.1

Ubuntu 18.04 LTS:
libx11-6 2:1.6.4-3ubuntu0.3

Ubuntu 16.04 LTS:
libx11-6 2:1.6.3-1ubuntu2.2

After a standard system update you need to reboot your computer to make all
the necessary changes.

References:
https://usn.ubuntu.com/4487-1
CVE-2020-14344, CVE-2020-14363

Package Information:
https://launchpad.net/ubuntu/+source/libx11/2:1.6.9-2ubuntu1.1
https://launchpad.net/ubuntu/+source/libx11/2:1.6.4-3ubuntu0.3
https://launchpad.net/ubuntu/+source/libx11/2:1.6.3-1ubuntu2.2

--W0w1S5xk9OB7r3JVOvgGhPw29ai78WkD0--

--tObPx56WKjnJwA1FMlmrTuk92yXQJAYBt
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAl9PokEACgkQZWnYVadE
vpNdvA/8C2NMWWQNLvRcotQ+/Q3tihKeSTADDi7FQlTKLt5gveaoQtoceDUqqLXl
CKOuWyjZUQg/HULZG3BEn7Epc142NKuodDKB0zJVl6eA6aCARsvPNaHiHQe09t8Z
cqLZVyhGxAZRW3HfKVCJRDhOQlaLxVn2S2Kb7YzzjQS0tSe6cvs2iClfjwraQ5pW
RFyzv2bE5jQUVZc9+aRSpOeHu6JkD7Bvf9awfDf2lGmR0XkCaaw6mhlFHVtmqrbA
QLpv5RLZ5xa+t16fOF/qUtFXajAQ/0YahOjpC8v4S51YbvJy7RYUi1uwuh1y9hLH
zZ7CxwcS6M3koDIKxeWGTZ/NxIJt+UBNrw0mt5Flrtt6XlyV0D+B0LAmglCBuADX
AWf+1bIIupcltFJcc5xomemOqh94dN8pBBpwjHIwIawZYf+scUB5IGQcrhqHQ5Cj
7ufuKAWpiqjiiHO8DC3sXKIM3wRfqQTBdLkRatfUnRdY2mWLgbngczRXSeRrmatX
HfWqdUU+ZhI0xBebfOoRPZijzruQxnxnckMoWJ0wjdc1IPIVWhVLNCk0Xx53bnRR
YgTjCoh8J//081jogBQJRc9C+gkjAPlyeQnyw16jeLrPr7wbPbQ1LTffiNGZ3bmo
ZWodbqG9jnjDwuE3f/1/MhMgRS4MLV5vNL21a7KrDD3n1fCEEEU=
=5qR9
-----END PGP SIGNATURE-----

--tObPx56WKjnJwA1FMlmrTuk92yXQJAYBt--

--===============3618145218543270393==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline

LS0gCnVidW50dS1zZWN1cml0eS1hbm5vdW5jZSBtYWlsaW5nIGxpc3QKdWJ1bnR1LXNlY3VyaXR5
LWFubm91bmNlQGxpc3RzLnVidW50dS5jb20KTW9kaWZ5IHNldHRpbmdzIG9yIHVuc3Vic2NyaWJl
IGF0OiBodHRwczovL2xpc3RzLnVidW50dS5jb20vbWFpbG1hbi9saXN0aW5mby91YnVudHUtc2Vj
dXJpdHktYW5ub3VuY2UK

--===============3618145218543270393==--