Ubuntu Security Notice USN-2500-1
17th February, 2015
xorg-server, xorg-server-lts-trusty, xorg-server-lts-utopic vulnerabilities
A security issue affects these releases of Ubuntu and its
derivatives:
- Ubuntu 14.10
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary
Several security issues were fixed in the X.Org X server.
Software description
- xorg-server
– X.Org X11 server - xorg-server-lts-trusty
– X.Org X11 server - xorg-server-lts-utopic
– X.Org X11 server
Details
Olivier Fourdan discovered that the X.Org X server incorrectly handled
XkbSetGeometry requests resulting in an information leak. An attacker able
to connect to an X server, either locally or remotely, could use this issue
to possibly obtain sensitive information. (CVE-2015-0255)
It was discovered that the X.Org X server incorrectly handled certain
trapezoids. An attacker able to connect to an X server, either locally or
remotely, could use this issue to possibly crash the server. This issue
only affected Ubuntu 12.04 LTS. (CVE-2013-6424)
Update instructions
The problem can be corrected by updating your system to the following
package version:
- Ubuntu 14.10:
-
xserver-xorg-core
2:1.16.0-1ubuntu1.3
- Ubuntu 14.04 LTS:
-
xserver-xorg-core
2:1.15.1-0ubuntu2.7
-
xserver-xorg-core-lts-utopic
2:1.16.0-1ubuntu1.2~trusty2
- Ubuntu 12.04 LTS:
-
xserver-xorg-core
2:1.11.4-0ubuntu10.17
-
xserver-xorg-core-lts-trusty
2:1.15.1-0ubuntu2~precise5
To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.
After a standard system update you need to reboot your computer to make
all the necessary changes.