Your submission was sent successfully! Close

USN-939-1: X.org vulnerabilities

18 May 2010

A remote attacker could trigger a crash in X.org. In addition, the xvfb-run tool left the session cookie visible when launching X.org.

Releases

Packages

Details

Loïc Minier discovered that xvfb-run did not correctly keep the
X.org session cookie private. A local attacker could gain access
to any local sessions started by xvfb-run. Ubuntu 9.10 was not
affected. (CVE-2009-1573)

It was discovered that the X.org server did not correctly handle
certain calculations. A remote attacker could exploit this to
crash the X.org session or possibly run arbitrary code with root
privileges. (CVE-2010-1166)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 9.10
Ubuntu 9.04
Ubuntu 8.04

After a standard system update you need to restart your session to make
all the necessary changes.