UbuntuUSN-6587-4X.Org X Server regression
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.4 High
AI Score
Confidence
Low
0.002 Low
EPSS
Percentile
53.7%
Releases
- Ubuntu 18.04 ESM
- Ubuntu 16.04 ESM
Packages
- xorg-server - X.Org X11 server
Details
USN-6587-1 fixed vulnerabilities in X.Org X Server. The fix was incomplete
resulting in a possible regression. This update fixes the problem.
Original advisory details:
Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled
memory when processing the DeviceFocusEvent and ProcXIQueryPointer APIs. An
attacker could possibly use this issue to cause the X Server to crash,
obtain sensitive information, or execute arbitrary code. (CVE-2023-6816)
Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled
reattaching to a different master device. An attacker could use this issue
to cause the X Server to crash, leading to a denial of service, or possibly
execute arbitrary code. (CVE-2024-0229)
Olivier Fourdan and Donn Seeley discovered that the X.Org X Server
incorrectly labeled GLX PBuffers when used with SELinux. An attacker could
use this issue to cause the X Server to crash, leading to a denial of
service. (CVE-2024-0408)
Olivier Fourdan discovered that the X.Org X Server incorrectly handled
the curser code when used with SELinux. An attacker could use this issue to
cause the X Server to crash, leading to a denial of service.
(CVE-2024-0409)
Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled
memory when processing the XISendDeviceHierarchyEvent API. An attacker
could possibly use this issue to cause the X Server to crash, or execute
arbitrary code. (CVE-2024-21885)
Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled
devices being disabled. An attacker could possibly use this issue to cause
the X Server to crash, or execute arbitrary code. (CVE-2024-21886)
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 18.04 | noarch | xserver-xorg-core | < 2:1.19.6-1ubuntu4.15+esm5 | UNKNOWN |
| Ubuntu | 18.04 | noarch | xdmx | < 2:1.19.6-1ubuntu4.15 | UNKNOWN |
| Ubuntu | 18.04 | noarch | xdmx-dbgsym | < 2:1.19.6-1ubuntu4.15 | UNKNOWN |
| Ubuntu | 18.04 | noarch | xdmx-tools | < 2:1.19.6-1ubuntu4.15 | UNKNOWN |
| Ubuntu | 18.04 | noarch | xdmx-tools-dbgsym | < 2:1.19.6-1ubuntu4.15 | UNKNOWN |
| Ubuntu | 18.04 | noarch | xmir | < 2:1.19.6-1ubuntu4.15 | UNKNOWN |
| Ubuntu | 18.04 | noarch | xmir-dbgsym | < 2:1.19.6-1ubuntu4.15 | UNKNOWN |
| Ubuntu | 18.04 | noarch | xnest | < 2:1.19.6-1ubuntu4.15 | UNKNOWN |
| Ubuntu | 18.04 | noarch | xnest-dbgsym | < 2:1.19.6-1ubuntu4.15 | UNKNOWN |
| Ubuntu | 18.04 | noarch | xorg-server-source | < 2:1.19.6-1ubuntu4.15 | UNKNOWN |
References
Related
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.4 High
AI Score
Confidence
Low
0.002 Low
EPSS
Percentile
53.7%