xorg-server vulnerabilities
A security issue affects these releases of Ubuntu and its
derivatives:
* Ubuntu 14.04 ESM
Summary
Several security issues were fixed in X.Org X Server.
Software Description
* xorg-server - X.Org X11 server
Details
USN-4488-1 fixed several vulnerabilities in X.Org. This update
provides the corresponding update and also the update from
USN-4490-1 for Ubuntu 14.04 ESM.
Original advisory details:
Jan-Niklas Sohn discovered that the X.Org X Server incorrectly
handled the input extension protocol. A local attacker could
possibly use this issue to escalate privileges. (CVE-2020-14346)
Jan-Niklas Sohn discovered that the X.Org X Server incorrectly
initialized memory. A local attacker could possibly use this issue
to obtain sensitive information. (CVE-2020-14347)
Jan-Niklas Sohn discovered that the X.Org X Server incorrectly
handled the XkbSelectEvents function. A local attacker could
possibly use this issue to escalate privileges. (CVE-2020-14361)
Jan-Niklas Sohn discovered that the X.Org X Server incorrectly
handled the XRecordRegisterClients function. A local attacker
could possibly use this issue to escalate privileges.
(CVE-2020-14362)
Jan-Niklas Sohn discovered that the X.Org X Server incorrectly
handled the XkbSetNames function. A local attacker could possibly
use this issue to escalate privileges. (CVE-2020-14345)
Update instructions
The problem can be corrected by updating your system to the
following package versions:
Ubuntu 14.04 ESM
xserver-xorg-core - 2:1.15.1-0ubuntu2.11+esm2
To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.
After a standard system update you need to reboot your computer to
make all the necessary changes.
References
* USN-4488-1
* CVE-2020-14345
* CVE-2020-14346
* CVE-2020-14347
* CVE-2020-14361
* CVE-2020-14362
--- Mystic BBS v1.12 A46 (Linux/64)
* Origin: BZ&BZ BBS (21:4/110)