1. Forum
  2. Fsxnet Message
  3. FSX BOT

  • X.Org X Server vulnerability

    From bugz_ubuntu@21:4/110 to Ubuntu Users on Tuesday, September 08, 2020 12:10:02
    xorg-server, xorg-server-hwe-16.04, xorg-server-hwe-18.04 vulnerability

    A security issue affects these releases of Ubuntu and its
    derivatives:

    * Ubuntu 20.04 LTS
    * Ubuntu 18.04 LTS
    * Ubuntu 16.04 LTS

    Summary

    X.Org X Server could be made to crash or run programs if it
    received specially crafted input.

    Software Description

    * xorg-server - X.Org X11 server
    * xorg-server-hwe-18.04 - X.Org X11 server
    * xorg-server-hwe-16.04 - X.Org X11 server

    Details

    Jan-Niklas Sohn discovered that the X.Org X Server incorrectly
    handled the XkbSetNames function. A local attacker could possibly
    use this issue to escalate privileges.

    Update instructions

    The problem can be corrected by updating your system to the
    following package versions:

    Ubuntu 20.04 LTS
    xserver-xorg-core - 2:1.20.8-2ubuntu2.4

    Ubuntu 18.04 LTS
    xserver-xorg-core - 2:1.19.6-1ubuntu4.6
    xserver-xorg-core-hwe-18.04 - 2:1.20.8-2ubuntu2.2~18.04.3

    Ubuntu 16.04 LTS
    xserver-xorg-core - 2:1.18.4-0ubuntu0.10
    xserver-xorg-core-hwe-16.04 - 2:1.19.6-1ubuntu4.1~16.04.4

    To update your system, please follow these instructions:
    https://wiki.ubuntu.com/Security/Upgrades.

    After a standard system update you need to reboot your computer to
    make all the necessary changes.

    References

    * CVE-2020-14345

    --- Mystic BBS v1.12 A46 (Linux/64)
    * Origin: BZ&BZ BBS (21:4/110)