USN-2500-1: X.Org X server vulnerabilities
17 February 2015
Several security issues were fixed in the X.Org X server.
Releases
Packages
- xorg-server - X.Org X11 server
- xorg-server-lts-trusty - X.Org X11 server
- xorg-server-lts-utopic - X.Org X11 server
Details
Olivier Fourdan discovered that the X.Org X server incorrectly handled
XkbSetGeometry requests resulting in an information leak. An attacker able
to connect to an X server, either locally or remotely, could use this issue
to possibly obtain sensitive information. (CVE-2015-0255)
It was discovered that the X.Org X server incorrectly handled certain
trapezoids. An attacker able to connect to an X server, either locally or
remotely, could use this issue to possibly crash the server. This issue
only affected Ubuntu 12.04 LTS. (CVE-2013-6424)
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 14.10
Ubuntu 14.04
Ubuntu 12.04
After a standard system update you need to reboot your computer to make
all the necessary changes.
References
Related notices
- USN-4772-1: vnc4server, vnc4, xvnc4viewer