Login
Newsletter
Werbung

Sicherheit: Zwei Probleme in X.Org
Aktuelle Meldungen Distributionen
Name: Zwei Probleme in X.Org
ID: USN-5740-1
Distribution: Ubuntu
Plattformen: Ubuntu 18.04 LTS, Ubuntu 14.04 ESM, Ubuntu 20.04 LTS, Ubuntu 16.04 ESM, Ubuntu 22.04 LTS, Ubuntu 22.10
Datum: Mi, 23. November 2022, 23:33
Referenzen: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3551
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3550
https://launchpad.net/ubuntu/+source/xorg-server-hwe-18.04/2:1.20.8-2ubuntu2.2~18.04.8
Applikationen: X11

Originalnachricht

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--===============2196961183461528950==
Content-Language: en-US
Content-Type: multipart/signed; micalg=pgp-sha256;
protocol="application/pgp-signature";
boundary="------------zAZG9KH4bJbNTR0sERmJNUNv"

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--------------zAZG9KH4bJbNTR0sERmJNUNv
Content-Type: multipart/mixed;
boundary="------------E9Q0HgoNQvoXPxhoxqATVBbR";
protected-headers="v1"
From: Rodrigo Figueiredo Zaiden <rodrigo.zaiden@canonical.com>
Reply-To: Ubuntu Security Team <security@ubuntu.com>
To: ubuntu-security-announce@lists.ubuntu.com
Message-ID: <37dcb61b-3f1c-c507-a731-25482e9976d3@canonical.com>
Subject: [USN-5740-1] X.Org X Server vulnerabilities

--------------E9Q0HgoNQvoXPxhoxqATVBbR
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: base64

==========================================================================
Ubuntu Security Notice USN-5740-1
November 23, 2022

xorg-server, xorg-server-hwe-16.04, xorg-server-hwe-18.04, xwayland
vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 ESM
- Ubuntu 14.04 ESM

Summary:

Several security issues were fixed in X.Org X Server.

Software Description:
- xorg-server: X.Org X11 server
- xwayland: X server for running X clients under Wayland
- xorg-server-hwe-18.04: X.Org X11 server
- xorg-server-hwe-16.04: X.Org X11 server

Details:

It was discovered that X.Org X Server incorrectly handled certain inputs.
An attacker could use these issues to cause the server to crash, resulting
in a denial of service, or possibly execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.10:
xserver-xorg-core 2:21.1.4-2ubuntu1.1
xwayland 2:22.1.3-2ubuntu0.1

Ubuntu 22.04 LTS:
xserver-xorg-core 2:21.1.3-2ubuntu2.3
xwayland 2:22.1.1-1ubuntu0.3

Ubuntu 20.04 LTS:
xserver-xorg-core 2:1.20.13-1ubuntu1~20.04.4
xwayland 2:1.20.13-1ubuntu1~20.04.4

Ubuntu 18.04 LTS:
xserver-xorg-core 2:1.19.6-1ubuntu4.12
xserver-xorg-core-hwe-18.04 2:1.20.8-2ubuntu2.2~18.04.8
xwayland 2:1.19.6-1ubuntu4.12

Ubuntu 16.04 ESM:
xserver-xorg-core 2:1.18.4-0ubuntu0.12+esm4
xserver-xorg-core-hwe-16.04 2:1.19.6-1ubuntu4.1~16.04.6+esm3
xwayland 2:1.18.4-0ubuntu0.12+esm4

Ubuntu 14.04 ESM:
xserver-xorg-core 2:1.15.1-0ubuntu2.11+esm6

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-5740-1
CVE-2022-3550, CVE-2022-3551

Package Information:
https://launchpad.net/ubuntu/+source/xorg-server/2:21.1.4-2ubuntu1.1
https://launchpad.net/ubuntu/+source/xwayland/2:22.1.3-2ubuntu0.1
https://launchpad.net/ubuntu/+source/xorg-server/2:21.1.3-2ubuntu2.3
https://launchpad.net/ubuntu/+source/xwayland/2:22.1.1-1ubuntu0.3
https://launchpad.net/ubuntu/+source/xorg-server/2:1.20.13-1ubuntu1~20.04.4
https://launchpad.net/ubuntu/+source/xorg-server/2:1.19.6-1ubuntu4.12

https://launchpad.net/ubuntu/+source/xorg-server-hwe-18.04/2:1.20.8-2ubuntu2.2~18.04.8
--------------E9Q0HgoNQvoXPxhoxqATVBbR--

--------------zAZG9KH4bJbNTR0sERmJNUNv
Content-Type: application/pgp-signature; name="OpenPGP_signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="OpenPGP_signature"

-----BEGIN PGP SIGNATURE-----

wsB5BAABCAAjFiEEYrygdx1GDec9TV8EZ0GeRcM5nt0FAmN+gYgFAwAAAAAACgkQZ0GeRcM5nt3+
xwgAkPtwJ1opxWJR0oMS7LBK80hRIqISMqnQqHuyGSmYIAemjlwxabGEeQdpju/HgN6vlZWUjcKH
48EKoJgoUYNVvNTez6u6LQObSBQPLcdkkeEN6l9QtUs40UwNs9vp9e7fJIsJedzg9S9Rb6gLd0xY
z1RCv4f3nwCb/2zXYImWfSuMuaMhPA6Y2jxw3Ko/P3xFDua6REePBdn3hcrvTkklx8s1oCsfu/MC
MNqP5UFfb+fiRJaay4ryTJ3790I3MOvkdZZryf+nvCVE3OFEObuIKp+UhrkrvuptUcwwahC8vrIw
KGR20Ffj5O1KFIqQIs/jF/LgI7PYf1BqVb3q8XNiVg==
=J2P9
-----END PGP SIGNATURE-----

--------------zAZG9KH4bJbNTR0sERmJNUNv--


--===============2196961183461528950==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline

Cg==

--===============2196961183461528950==--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung