==========================================================================
Ubuntu Security Notice USN-4656-1
December 01, 2020
xorg-server, xorg-server-hwe-16.04, xorg-server-hwe-18.04 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 20.10
– Ubuntu 20.04 LTS
– Ubuntu 18.04 LTS
– Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in X.Org X Server.
Software Description:
– xorg-server: X.Org X11 server
– xorg-server-hwe-18.04: X.Org X11 server
– xorg-server-hwe-16.04: X.Org X11 server
Details:
Jan-Niklas Sohn discovered that the X.Org X Server XKB extension
incorrectly handled certain inputs. A local attacker could possibly use
this issue to escalate privileges.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.10:
xserver-xorg-core 2:1.20.9-2ubuntu1.1
Ubuntu 20.04 LTS:
xserver-xorg-core 2:1.20.8-2ubuntu2.6
Ubuntu 18.04 LTS:
xserver-xorg-core 2:1.19.6-1ubuntu4.8
xserver-xorg-core-hwe-18.04 2:1.20.8-2ubuntu2.2~18.04.4
Ubuntu 16.04 LTS:
xserver-xorg-core 2:1.18.4-0ubuntu0.11
xserver-xorg-core-hwe-16.04 2:1.19.6-1ubuntu4.1~16.04.5
After a standard system update you need to reboot your computer to make all
the necessary changes.
References:
https://usn.ubuntu.com/4656-1
CVE-2020-14360, CVE-2020-25712
Package Information:
https://launchpad.net/ubuntu/+source/xorg-server/2:1.20.9-2ubuntu1.1
https://launchpad.net/ubuntu/+source/xorg-server/2:1.20.8-2ubuntu2.6
https://launchpad.net/ubuntu/+source/xorg-server/2:1.19.6-1ubuntu4.8
https://launchpad.net/ubuntu/+source/xorg-server-hwe-18.04/2:1.20.8-2ubuntu2.2~18.04.4
https://launchpad.net/ubuntu/+source/xorg-server/2:1.18.4-0ubuntu0.11
https://launchpad.net/ubuntu/+source/xorg-server-hwe-16.04/2:1.19.6-1ubuntu4.1~16.04.5
—–BEGIN PGP SIGNATURE—–
iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAl/GebEACgkQZWnYVadE
vpPbYg//bhJnasWC5rH84n+v2JGovvUPh6hw1o4aXXotPwaAxdrMYc2RqI+vdDdA
x6Q2iJSZ8Lzx3zsasfwn7ScQKtK6UyPl1fzZW3fLCXURxSJD1CDy+ZZUoFomq7jc
x9oXs9JQ8yyR/Vh6+Osqov+p18RppAC88ZyZo8N83b4VXUhSE9TnEUW9T0h12v9T
W/WnzksIM56b5Ok05K2SlyJ0VVDaa35zC/83dArNk3TyznG+fAYfdeK9+oEyoGTj
dxgJi6LQF9CAVdA3Pb9ud/8LqJA9lNCg4JPHw1TP9DEjlzgY14mNdoLCnDAxCy/D
teD533A44/oP/Q6qxu7Gakb6onoig4XCgeoSbyn9dRbLSEiAIkW3Iphxz7soh37o
VjZUkV7BXce9e5TQ4D3RH2vWrW/xq2Z01Wwm0hiWeuerFJq6XeDQjDW2O62HxM7R
LwQm0Ob+QkqsM9jLXB6rdAhIsxndvCXWy5j/1N9oui0YrGRR9ElRsbcroAOBG8xR
lrJNwbINxnU/qtUi8GsaCrNTJknOeLKYq+TiINs0fBAq/1CgDnqnJcwrunj32Z9v
eT6ttEDlRQgHqwA6mGw/+cbVngVA39BNRWeQt2euxl/EcjEsLC5tMRAxJxsTDIHl
taTIUb3Oubn3TvFOz1NRefBLI3BfUYGVlq0EKMPnEmyOmh3S91k=
=khds
—–END PGP SIGNATURE—–
—