USN-1990-1: X.Org X server vulnerabilities

17 October 2013

The X.Org X server could be made to crash or run programs as an administrator if it received specially crafted input.

Releases

Packages

Details

Pedro Ribeiro discovered that the X.Org X server incorrectly handled
memory operations when handling ImageText requests. An attacker could use
this issue to cause X.Org to crash, or to possibly execute arbitrary code.
(CVE-2013-4396)

It was discovered that non-root X.Org X servers such as Xephyr incorrectly
used cached xkb files. A local attacker could use this flaw to cause an xkb
cache file to be loaded by another user, resulting in a denial of service.
(CVE-2013-1056)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 13.04
Ubuntu 12.10
Ubuntu 12.04

After a standard system update you need to reboot your computer to make
all the necessary changes.