Packages
- xorg-server - X.Org X11 server
- xwayland - X server for running X clients under Wayland
Details
Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled
memory when processing the DeviceFocusEvent and ProcXIQueryPointer APIs. An
attacker could possibly use this issue to cause the X Server to crash,
obtain sensitive information, or execute arbitrary code. (CVE-2023-6816)
Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled
reattaching to a different master device. An attacker could use this issue
to cause the X Server to crash, leading to a denial of service, or possibly
execute arbitrary code. (CVE-2024-0229)
Olivier Fourdan and Donn Seeley discovered that the X.Org X Server
incorrectly labeled GLX PBuffers when used with SELinux. An attacker could
use this issue to cause the X Server to crash, leading to a denial of
service. (CVE-2024-0408)
Olivier Fourdan discovered that...
Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled
memory when processing the DeviceFocusEvent and ProcXIQueryPointer APIs. An
attacker could possibly use this issue to cause the X Server to crash,
obtain sensitive information, or execute arbitrary code. (CVE-2023-6816)
Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled
reattaching to a different master device. An attacker could use this issue
to cause the X Server to crash, leading to a denial of service, or possibly
execute arbitrary code. (CVE-2024-0229)
Olivier Fourdan and Donn Seeley discovered that the X.Org X Server
incorrectly labeled GLX PBuffers when used with SELinux. An attacker could
use this issue to cause the X Server to crash, leading to a denial of
service. (CVE-2024-0408)
Olivier Fourdan discovered that the X.Org X Server incorrectly handled
the curser code when used with SELinux. An attacker could use this issue to
cause the X Server to crash, leading to a denial of service.
(CVE-2024-0409)
Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled
memory when processing the XISendDeviceHierarchyEvent API. An attacker
could possibly use this issue to cause the X Server to crash, or execute
arbitrary code. (CVE-2024-21885)
Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled
devices being disabled. An attacker could possibly use this issue to cause
the X Server to crash, or execute arbitrary code. (CVE-2024-21886)
Update instructions
After a standard system update you need to reboot your computer to make all the necessary changes.
Learn more about how to get the fixes.The problem can be corrected by updating your system to the following package versions:
| Ubuntu Release | Package Version | ||
|---|---|---|---|
| 23.10 mantic | xserver-xorg-core – 2:21.1.7-3ubuntu2.6 | ||
| xwayland – 2:23.2.0-1ubuntu0.4 | |||
| 23.04 lunar | xserver-xorg-core – 2:21.1.7-1ubuntu3.6 | ||
| xwayland – 2:22.1.8-1ubuntu1.4 | |||
| 22.04 jammy | xserver-xorg-core – 2:21.1.4-2ubuntu1.7~22.04.7 | ||
| xwayland – 2:22.1.1-1ubuntu0.10 | |||
| 20.04 focal | xserver-xorg-core – 2:1.20.13-1ubuntu1~20.04.14 | ||
| xwayland – 2:1.20.13-1ubuntu1~20.04.14 | |||
Reduce your security exposure
Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.