USN-3622-1: Wayland vulnerability
9 April 2018
Wayland could be made to crash or run programs if it opened a specially crafted file.
Releases
Packages
- wayland - Wayland compositor infrastructure
Details
It was discovered that the Wayland Xcursor support incorrectly handled
certain files. An attacker could use these issues to cause Wayland to
crash, resulting in a denial of service, or possibly execute arbitrary
code.
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 17.10
Ubuntu 16.04
-
libwayland-bin
-
1.12.0-1~ubuntu16.04.3
-
libwayland-client0
-
1.12.0-1~ubuntu16.04.3
-
libwayland-cursor0
-
1.12.0-1~ubuntu16.04.3
-
libwayland-dev
-
1.12.0-1~ubuntu16.04.3
-
libwayland-doc
-
1.12.0-1~ubuntu16.04.3
-
libwayland-server0
-
1.12.0-1~ubuntu16.04.3
Ubuntu 14.04
After a standard system update you need to reboot your computer to make
all the necessary changes.
References
Related notices
- USN-3501-1: libxcursor, libxcursor-dev, libxcursor1-udeb, libxcursor1