USN-2436-2: X.Org X server vulnerabilities

Ubuntu Security Notice USN-2436-2

9th December, 2014

xorg-server, xorg-server-lts-trusty vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 14.10


• Ubuntu 14.04 LTS


• Ubuntu 12.04 LTS

Summary

USN-2436-1 contained incomplete fixes for the X.Org X server.

Software description

• xorg-server - X.Org X11 server


• xorg-server-lts-trusty - Xorg X server - source files

Details

USN-2436-1 fixed vulnerabilities in the X.Org X server. Since publication,

additional fixes have been made available for these issues. This update

adds the additional fixes.

Original advisory details:

Ilja van Sprundel discovered a multitude of security issues in the X.Org X

server. An attacker able to connect to an X server, either locally or

remotely, could use these issues to cause the X server to crash or execute

arbitrary code resulting in possible privilege escalation.

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 14.10:

xserver-xorg-core 2:1.16.0-1ubuntu1.2

Ubuntu 14.04 LTS:

xserver-xorg-core 2:1.15.1-0ubuntu2.5

Ubuntu 12.04 LTS:

xserver-xorg-core 2:1.11.4-0ubuntu10.16

xserver-xorg-core-lts-trusty 2:1.15.1-0ubuntu2~precise4

To update your system, please follow these instructions: http://bit.ly/1aJDvTw.

After a standard system update you need to reboot your computer to make

all the necessary changes.

References

LP: 1400942

from Ubuntu Security Notices http://bit.ly/1B4KuEj