Sicherheit: Ausführen beliebiger Kommandos in X.Org (Aktualisierung)

Lesezeichen hinzufügen

--===============6896193178007334279==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="2fHTh5uZTiUOsy+g"
Content-Disposition: inline

--2fHTh5uZTiUOsy+g
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

==========================================================================
Ubuntu Security Notice USN-7299-3
March 12, 2025

xorg-server, xwayland regression
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

USN-7299-2 caused a regression in X.Org X Server.

Software Description:
- xorg-server: X.Org X11 server
- xorg-server-hwe-18.04: X.Org X11 server
- xorg-server-hwe-16.04: X.Org X11 server

Details:

USN-7299-2 fix vulnerabilities in X.Org X Server. This fix caused
regression in Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. This update
reverts it pending further investigation.

Original advisory details:

Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled
certain memory operations. An attacker could use these issues to cause the
X Server to crash, leading to a denial of service, or possibly execute
arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS
xserver-xorg-core 2:1.19.6-1ubuntu4.15+esm11
Available with Ubuntu Pro
xserver-xorg-core-hwe-18.04 2:1.20.8-2ubuntu2.2~18.04.11+esm3
Available with Ubuntu Pro
xwayland 2:1.19.6-1ubuntu4.15+esm11
Available with Ubuntu Pro
xwayland-hwe-18.04 2:1.20.8-2ubuntu2.2~18.04.11+esm3
Available with Ubuntu Pro

Ubuntu 16.04 LTS
xserver-xorg-core 2:1.18.4-0ubuntu0.12+esm16
Available with Ubuntu Pro
xserver-xorg-core-hwe-16.04 2:1.19.6-1ubuntu4.1~16.04.6+esm8
Available with Ubuntu Pro
xwayland 2:1.18.4-0ubuntu0.12+esm16
Available with Ubuntu Pro
xwayland-hwe-16.04 2:1.19.6-1ubuntu4.1~16.04.6+esm8
Available with Ubuntu Pro

After a standard system update you need to reboot your computer to make all
the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7299-3
https://ubuntu.com/security/notices/USN-7299-2
https://ubuntu.com/security/notices/USN-7299-1
https://launchpad.net/bugs/2101897

--2fHTh5uZTiUOsy+g
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEEf+ebRFcoyOoAQoOeRbznW4QLH2kFAmfRn4IACgkQRbznW4QL
H2njAhAAoCRxFzUuX/ghjD9XNCvejEFjwvMAkTVHRReV/MYgFBmB6oC+njrkdju8
TwFvmxn1z8sY8uk/qFomXP9xhKEHjvHmZ0PqKk7lGlX5rZJzmcUL7qSPTHBEW11K
YzFFXpN286YRkykCLNEQOkMYowk+IzbJEB/ceD3lzVJQvWw9W3evTLy4nkgnTRDQ
Yfb4AH7vUiynmbc0Z5RpQcL3j7CUZaDeR7tmY1OgkTv0n0JpQw7Uonp5x4ftwySY
e5qE3dWxtsGa4vepA5qFaZ2INXYy6zraQ8fuHnv97NQnTx4llEA02XbFQm+SHqbw
XczXGONBMyMRBvsa7+kfuDYI36p5vhD43f60ODcNfF8f/lW6FaO+Mz85OxUagldM
Q+knr53D8WpG0EZaHDEoNQpZLrXoyLiO1yDMTrD6nqjpX4JdtHKkPqQeORF5nBUa
V2M9l4MXq7M8TKWEjEvEIVJOhk5f5LpuShG8BDNq7FpNdxMMCWsI9bLpUsybWd21
4LOI7I/knadCR4AbAik7Y6gDCZVuAwzlysS+hLY5/R//ZpDRuQJ1VmXiE4O8ctUa
pSY0/HDIYFJqrlWGSZ/rUORXgwto4/esaiAS6EqzlVtsyqiI3fcUfHARUpvgpijI
uIWOLjMpdnE8z240/dwNhW2P5fA7uMXwn4fs2Apj6PSqlvcs/mI=
=jw7E
-----END PGP SIGNATURE-----

--2fHTh5uZTiUOsy+g--

--===============6896193178007334279==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline

--===============6896193178007334279==--