Lucene search

UbuntuUSN-6721-2

HistoryApr 09, 2024 - 12:00 a.m.

X.Org X Server regression

2024-04-0900:00:00

ubuntu.com

ubuntu 23.10

ubuntu 22.04 lts

ubuntu 20.04 lts

ubuntu 18.04 esm

ubuntu 16.04 esm

ubuntu 14.04 esm

x.org x server

xorg-server

xwayland

regression

data handling vulnerability

incomplete fix

sensitive information exposure

crash vulnerability

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.1 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.2%

JSON

Releases

Ubuntu 23.10
Ubuntu 22.04 LTS
Ubuntu 20.04 LTS
Ubuntu 18.04 ESM
Ubuntu 16.04 ESM
Ubuntu 14.04 ESM

Packages

xorg-server - X.Org X11 server
xwayland - X server for running X clients under Wayland

Details

USN-6721-1 fixed vulnerabilities in X.Org X Server. That fix was incomplete
resulting in a regression. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

It was discovered that X.Org X Server incorrectly handled certain data.
An attacker could possibly use this issue to expose sensitive information.
(CVE-2024-31080, CVE-2024-31081, CVE-2024-31082)

It was discovered that X.Org X Server incorrectly handled certain glyphs.
An attacker could possibly use this issue to cause a crash or expose sensitive
information. (CVE-2024-31083)

OSVersionArchitecturePackageVersionFilename
Ubuntu23.10noarchxserver-xorg-core< 2:21.1.7-3ubuntu2.9UNKNOWN
Ubuntu23.10noarchxnest< 2:21.1.7-3ubuntu2.9UNKNOWN
Ubuntu23.10noarchxnest-dbgsym< 2:21.1.7-3ubuntu2.9UNKNOWN
Ubuntu23.10noarchxorg-server-source< 2:21.1.7-3ubuntu2.9UNKNOWN
Ubuntu23.10noarchxserver-common< 2:21.1.7-3ubuntu2.9UNKNOWN
Ubuntu23.10noarchxserver-xephyr< 2:21.1.7-3ubuntu2.9UNKNOWN
Ubuntu23.10noarchxserver-xephyr-dbgsym< 2:21.1.7-3ubuntu2.9UNKNOWN
Ubuntu23.10noarchxserver-xorg-core-dbgsym< 2:21.1.7-3ubuntu2.9UNKNOWN
Ubuntu23.10noarchxserver-xorg-dev< 2:21.1.7-3ubuntu2.9UNKNOWN
Ubuntu23.10noarchxserver-xorg-legacy< 2:21.1.7-3ubuntu2.9UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Ubuntu	23.10	noarch	xserver-xorg-core	< 2:21.1.7-3ubuntu2.9	UNKNOWN
Ubuntu	23.10	noarch	xnest	< 2:21.1.7-3ubuntu2.9	UNKNOWN
Ubuntu	23.10	noarch	xnest-dbgsym	< 2:21.1.7-3ubuntu2.9	UNKNOWN
Ubuntu	23.10	noarch	xorg-server-source	< 2:21.1.7-3ubuntu2.9	UNKNOWN
Ubuntu	23.10	noarch	xserver-common	< 2:21.1.7-3ubuntu2.9	UNKNOWN
Ubuntu	23.10	noarch	xserver-xephyr	< 2:21.1.7-3ubuntu2.9	UNKNOWN
Ubuntu	23.10	noarch	xserver-xephyr-dbgsym	< 2:21.1.7-3ubuntu2.9	UNKNOWN
Ubuntu	23.10	noarch	xserver-xorg-core-dbgsym	< 2:21.1.7-3ubuntu2.9	UNKNOWN
Ubuntu	23.10	noarch	xserver-xorg-dev	< 2:21.1.7-3ubuntu2.9	UNKNOWN
Ubuntu	23.10	noarch	xserver-xorg-legacy	< 2:21.1.7-3ubuntu2.9	UNKNOWN