USN-2500-1: X.Org X server vulnerabilities

Releases

• Ubuntu 14.10
• Ubuntu 14.04 ESM
• Ubuntu 12.04

Packages

• xorg-server - X.Org X11 server
• xorg-server-lts-trusty - X.Org X11 server
• xorg-server-lts-utopic - X.Org X11 server

Details

Olivier Fourdan discovered that the X.Org X server incorrectly handled
XkbSetGeometry requests resulting in an information leak. An attacker able
to connect to an X server, either locally or remotely, could use this issue
to possibly obtain sensitive information. (CVE-2015-0255)

It was discovered that the X.Org X server incorrectly handled certain
trapezoids. An attacker able to connect to an X server, either locally or
remotely, could use this issue to possibly crash the server. This issue
only affected Ubuntu 12.04 LTS. (CVE-2013-6424)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 14.10

• xserver-xorg-core - 2:1.16.0-1ubuntu1.3

Ubuntu 14.04

• xserver-xorg-core - 2:1.15.1-0ubuntu2.7
• xserver-xorg-core-lts-utopic - 2:1.16.0-1ubuntu1.2~trusty2

Ubuntu 12.04

• xserver-xorg-core - 2:1.11.4-0ubuntu10.17
• xserver-xorg-core-lts-trusty - 2:1.15.1-0ubuntu2~precise5

After a standard system update you need to reboot your computer to make
all the necessary changes.

References

• CVE-2013-6424
• CVE-2015-0255

Related notices

• USN-4772-1: vnc4, xvnc4viewer, vnc4server