USN-1990-1: X.Org X server vulnerabilities
17 October 2013
The X.Org X server could be made to crash or run programs as an administrator if it received specially crafted input.
Releases
Packages
- xorg-server - X.Org X11 server
- xorg-server-lts-quantal - X.Org X11 server
- xorg-server-lts-raring - X.Org X11 server
Details
Pedro Ribeiro discovered that the X.Org X server incorrectly handled
memory operations when handling ImageText requests. An attacker could use
this issue to cause X.Org to crash, or to possibly execute arbitrary code.
(CVE-2013-4396)
It was discovered that non-root X.Org X servers such as Xephyr incorrectly
used cached xkb files. A local attacker could use this flaw to cause a xkb
cache file to be loaded by another user, resulting in a denial of service.
(CVE-2013-1056)
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 13.04
Ubuntu 12.10
Ubuntu 12.04
-
xserver-xorg-core-lts-quantal
-
2:1.13.0-0ubuntu6.1~precise4
-
xserver-xorg-core
-
2:1.11.4-0ubuntu10.14
-
xserver-xorg-core-lts-raring
-
2:1.13.3-0ubuntu6~precise3
After a standard system update you need to reboot your computer to make
all the necessary changes.