Login
Newsletter
Werbung

Sicherheit: Mehrere Probleme in X.Org (Aktualisierung)
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in X.Org (Aktualisierung)
ID: USN-4488-2
Distribution: Ubuntu
Plattformen: Ubuntu 14.04 ESM
Datum: Mi, 9. September 2020, 23:17
Referenzen: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14362
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14346
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14345
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14361
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14347
Applikationen: X11
Update von: Mehrere Probleme in X.Org

Originalnachricht


--===============3347843417696557470==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="mYCpIKhGyMATD0i+"
Content-Disposition: inline


--mYCpIKhGyMATD0i+
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inlin
Content-Transfer-Encoding: quoted-printable

==========================================================================
Ubuntu Security Notice USN-4488-2
September 09, 2020

xorg-server vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 ESM

Summary:

Several security issues were fixed in X.Org X Server.

Software Description:
- xorg-server: X.Org X11 server

Details:

USN-4488-1 fixed several vulnerabilities in X.Org. This update provides
the corresponding update and also the update from USN-4490-1 for Ubuntu 14.04
ESM.

Original advisory details:

Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled the
input extension protocol. A local attacker could possibly use this issue to
escalate privileges. (CVE-2020-14346)

Jan-Niklas Sohn discovered that the X.Org X Server incorrectly initialized
memory. A local attacker could possibly use this issue to obtain sensitive
information. (CVE-2020-14347)

Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled the
XkbSelectEvents function. A local attacker could possibly use this issue to
escalate privileges. (CVE-2020-14361)

Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled the
XRecordRegisterClients function. A local attacker could possibly use this
issue to escalate privileges. (CVE-2020-14362)

Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled the
XkbSetNames function. A local attacker could possibly use this issue to
escalate privileges. (CVE-2020-14345)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 ESM:
xserver-xorg-core 2:1.15.1-0ubuntu2.11+esm2

After a standard system update you need to reboot your computer to make all
the necessary changes.

References:
https://usn.ubuntu.com/4488-2
https://usn.ubuntu.com/4488-1
CVE-2020-14345, CVE-2020-14346, CVE-2020-14347, CVE-2020-14361,
CVE-2020-14362

--mYCpIKhGyMATD0i+
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEEf+ebRFcoyOoAQoOeRbznW4QLH2kFAl9ZFT8ACgkQRbznW4QL
H2lCPBAAhDvmbIRtCNDUMHSIGUi9RYLO61hOuiYz9sND6DpHBOtIWiw2DOVRw8wp
9cBQ6PJTRYokP9iMiAISRpHr+1jsnAWvWEFOJP1sGCpjpJYvsPqm6QxGrLYiKZbD
ojW06/t5UaM+H9MBemyDJN0Zi9cmc3eHyQzd9iQEPpx+DzmTngrBjVnozwBs6WgU
wVB0OPlGkkR5iHyb649cHzCoN74Fz7poFeSyfBuHIeUF5BRymeti9DSIR5tv6Ovw
WLu1C/aDI6fmHAUUhCZBCBSgPWgvGjXo5KP5JwRviA0OmWjRI69/aR76meXeRNZt
m6yjVzOMeqry2oiNksPx1tG+XcB9kldaxQHZU0zQJS+HcU7F3oMwftBMBbIHm8ZW
tAWDvVfWPtrSPom7Tjei+kgr3m2a5nM5e7Rx1aBc8RxWEYpE4W5U+QozDQD4l+hp
thI5cCebXGredsc/hDzXZbHSQyMXTAx9oCP/IWabBxVt9t6Gsi+A+4LZteIJhnvv
Xe9x3yZZOZbr/m9W6EpOoTUiXl7rbVYU9N6LuY5bFQwT1xkesSGzK3Q25ujYzXx0
BwrZ3HsWDIXqHmQEAt2yFVUA7UYiS7op9a4hBwt0F2FQf8LN9wQo0hZdv1xwRYXd
QHnOw1vbRSm4XObtcz1NXTFRFenCmoWu4el3pSYOpCMaENAFZaQ=
=wCgL
-----END PGP SIGNATURE-----

--mYCpIKhGyMATD0i+--


--===============3347843417696557470==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline

LS0gCnVidW50dS1zZWN1cml0eS1hbm5vdW5jZSBtYWlsaW5nIGxpc3QKdWJ1bnR1LXNlY3VyaXR5
LWFubm91bmNlQGxpc3RzLnVidW50dS5jb20KTW9kaWZ5IHNldHRpbmdzIG9yIHVuc3Vic2NyaWJl
IGF0OiBodHRwczovL2xpc3RzLnVidW50dS5jb20vbWFpbG1hbi9saXN0aW5mby91YnVudHUtc2Vj
dXJpdHktYW5ub3VuY2UK

--===============3347843417696557470==--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung