You are here
Home > Preporuke > Ranjivosti programskog paketa xorg-server

Ranjivosti programskog paketa xorg-server

==========================================================================
Ubuntu Security Notice USN-2500-1
February 17, 2015

xorg-server, xorg-server-lts-trusty, xorg-server-lts-utopic vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 14.10
– Ubuntu 14.04 LTS
– Ubuntu 12.04 LTS

Summary:

Several security issues were fixed in the X.Org X server.

Software Description:
– xorg-server: X.Org X11 server
– xorg-server-lts-utopic: X.Org X11 server
– xorg-server-lts-trusty: X.Org X11 server

Details:

Olivier Fourdan discovered that the X.Org X server incorrectly handled
XkbSetGeometry requests resulting in an information leak. An attacker able
to connect to an X server, either locally or remotely, could use this issue
to possibly obtain sensitive information. (CVE-2015-0255)

It was discovered that the X.Org X server incorrectly handled certain
trapezoids. An attacker able to connect to an X server, either locally or
remotely, could use this issue to possibly crash the server. This issue
only affected Ubuntu 12.04 LTS. (CVE-2013-6424)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.10:
xserver-xorg-core 2:1.16.0-1ubuntu1.3

Ubuntu 14.04 LTS:
xserver-xorg-core 2:1.15.1-0ubuntu2.7
xserver-xorg-core-lts-utopic 2:1.16.0-1ubuntu1.2~trusty2

Ubuntu 12.04 LTS:
xserver-xorg-core 2:1.11.4-0ubuntu10.17
xserver-xorg-core-lts-trusty 2:1.15.1-0ubuntu2~precise5

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2500-1
CVE-2013-6424, CVE-2015-0255

Package Information:
https://launchpad.net/ubuntu/+source/xorg-server/2:1.16.0-1ubuntu1.3
https://launchpad.net/ubuntu/+source/xorg-server/2:1.15.1-0ubuntu2.7

https://launchpad.net/ubuntu/+source/xorg-server-lts-utopic/2:1.16.0-1ubuntu1.2~trusty2
https://launchpad.net/ubuntu/+source/xorg-server/2:1.11.4-0ubuntu10.17

https://launchpad.net/ubuntu/+source/xorg-server-lts-trusty/2:1.15.1-0ubuntu2~precise5

—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1

iQIcBAEBCgAGBQJU4zheAAoJEGVp2FWnRL6TG/AQAJWr8GCVfzd9GdCn33R9Jl85
/y7OR/T7MlhVCPXpOI1RhDAp6pW77X0nTJALVm3junfOentB2DBgI6p4NKbPHfiv
HfvJxszQRhbFexnh54+WPmI1Wrj6CchuafWfUPpZ/iAIZOYs76rg+Rh8sUPQ2hhL
mgd4prv9eginTGAHB27ax992EyifpeGILocMIp5xdIGlT3bcNENKl2FYYMAkAh2y
dCkIx0+96CqCN2aNEu1CSgeO0Qna6arBp5jGrALfKfc1ZVvH/oERe1NMiwvtIS5R
KnG51SABbP+zyCtLzkfgWJbGPzkCXO9OUvaQ/P9gDGmeeRg7UFvDYliLM4hqmrNH
oed24zJshQVyOT3IjXRwnECfS1RduvWUPBhCJ66/5rURPY8nrMjJxaEgSOaq5pqj
FUr3g3kzU06pEfosGgAfC7mErH3X+hy0yMJxrRp7LGChk+Bo+Ou/NzcVTgS29Nn+
tOHvfMm5Dxzp3xY7F5+Jdu2NtxrK1ipjmhI6jv45DidDSyMWjw5esYpITYkK2aKS
ptS468eLG/jsFs8qv71LQTaHg9YLGa5znyRrugQJSFi9tkSYmR165q/WlUIY1bP3
24tZ9ehpgUoZ7/teQSsShDCzNUMwMSUlWOK5o8Cgwyd5DYA1a8lvpcLTkcXa66UG
eZITc6+QMZqQ++5zlAkt
=yzwV
—–END PGP SIGNATURE—–

Top
More in Preporuke
Sigurnosni propust programskog paketa qemu

Otkriven je sigurnosni propust kod programskog paketa qemu za Fedoru. Propust je uzrokovan nedostatnim provjeravanjem Cirrus blit region unutar datoteke...

Close