X.Org X Server Vulnerabilities Fixed in Ubuntu

by Rohan Timalsina

March 28, 2024 - TuxCare expert team

The X.Org X Server, a fundamental component of graphical user interfaces in Linux systems, recently encountered a series of vulnerabilities. These vulnerabilities, if exploited, could potentially allow attackers to crash the X Server, steal sensitive information, or even execute malicious code on the system. Fortunately, the Ubuntu security team swiftly addressed these issues by releasing security updates for Ubuntu 22.04 LTS (Long Term Support), Ubuntu 20.04 LTS, Ubuntu 23.10, and Ubuntu 23.04.

Let’s delve deeper into the details of these vulnerabilities and the recommended course of action.

Understanding the X.Org X Server Vulnerabilities

CVE-2023-6816 (CVSS v3 Score: 9.8 Critical)

This vulnerability, discovered by Jan-Niklas Sohn, pertains to the X Server’s improper memory handling during the processing of DeviceFocusEvent and ProcXIQueryPointer APIs. An attacker could potentially exploit this to crash the X Server, steal sensitive information, or even execute arbitrary code.

CVE-2024-0229

Another discovery by Jan-Niklas Sohn highlighted an issue with the X Server’s handling of reattaching to a different master device. This vulnerability could be exploited to crash the X Server, thereby causing a denial of service or enabling the execution of arbitrary code.

CVE-2024-0408 (CVSS v3 Score: 5.5 Medium)

Olivier Fourdan and Donn Seeley found a vulnerability in the X Server’s incorrect labeling of GLX PBuffers when used in conjunction with SELinux. This flaw could potentially lead to a crash of the X Server, resulting in a denial of service.

CVE-2024-0409 (CVSS v3 Score: 7.8 High)

Olivier Fourdan identified a flaw in the X Server’s incorrect handling of cursor code when operating with SELinux. Exploiting this vulnerability could cause the X Server to crash, leading to a denial of service.

CVE-2024-21885, CVE-2024-21886

Jan-Niklas Sohn also identified two further flaws in the X Server's memory handling: heap buffer overflows in the XISendDeviceHierarchyEvent and DisableDevice functions. Either could be exploited to crash the X Server or to execute arbitrary code.

Staying Secure: Patching Your System

These vulnerabilities emphasize how crucial it is to keep your system updated. Patching these vulnerabilities is a straightforward process. You can simply update your xorg-server and xwayland packages to the latest available versions using your distribution’s standard package manager. Users are advised to upgrade these packages immediately to mitigate the risks associated with X.Org X Server vulnerabilities.
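A quick way to confirm on an Ubuntu host that the packages named above are actually up to date is to cross-check what is installed against what apt still considers upgradable. The script below is an added example, not code from this article or from Ubuntu's advisory; it assumes the advisory's "xorg-server" source package shows up as the xserver-xorg-core and xserver-xorg-legacy binary packages, and the version strings in its sample data are constructed placeholders, not the fixed versions (which this article does not list).

```shell
#!/bin/sh
# Binary package names assumed for the advisory's "xorg-server" and "xwayland".
XORG_PKGS="xserver-xorg-core xserver-xorg-legacy xwayland"

# pending_xorg_updates INSTALLED UPGRADABLE
#   INSTALLED  : lines of "pkg version"  (format of `dpkg-query -W -f='${Package} ${Version}\n'`)
#   UPGRADABLE : lines in the format of `apt list --upgradable`:
#                "pkg/suite newver arch [upgradable from: oldver]"
# Prints "pkg oldver -> newver" for each X server package that is installed
# but still has an update pending; installed-and-current packages print nothing.
pending_xorg_updates() {
  installed="$1"; upgradable="$2"
  for pkg in $XORG_PKGS; do
    cur=$(printf '%s\n' "$installed" | awk -v p="$pkg" '$1 == p {print $2; exit}')
    [ -n "$cur" ] || continue   # package not installed on this host, nothing to patch
    # Split on "/" and space so $1 is the package name and $3 the candidate version.
    new=$(printf '%s\n' "$upgradable" | awk -F'[/ ]' -v p="$pkg" '$1 == p {print $3; exit}')
    [ -n "$new" ] && printf '%s %s -> %s\n' "$pkg" "$cur" "$new"
  done
  return 0
}

# Constructed sample data (placeholder versions): xserver-xorg-core is installed and
# has a pending update, xwayland is installed and current, xserver-xorg-legacy is absent.
SAMPLE_INSTALLED="xserver-xorg-core 2:21.1.4-OLD
xwayland 2:22.1.1-CURRENT
libexample 1.0"
SAMPLE_UPGRADABLE="Listing... Done
xserver-xorg-core/jammy-updates,jammy-security 2:21.1.4-NEW amd64 [upgradable from: 2:21.1.4-OLD]
libexample/jammy-updates 1.1 amd64 [upgradable from: 1.0]"

echo "Sample run:"
pending_xorg_updates "$SAMPLE_INSTALLED" "$SAMPLE_UPGRADABLE"

# Live check, skipped where dpkg/apt are not available (e.g. a non-Debian sandbox).
if command -v dpkg-query >/dev/null 2>&1 && command -v apt >/dev/null 2>&1; then
  echo "This host:"
  pending_xorg_updates "$(dpkg-query -W -f='${Package} ${Version}\n' 2>/dev/null)" \
                       "$(apt list --upgradable 2>/dev/null)"
fi
```

Run `sudo apt update` first so the upgradable list reflects the security pocket; an empty "This host:" section means none of the listed packages has a pending update.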

TuxCare’s KernelCare Enterprise provides automated security patching for all popular Linux distributions, including Ubuntu, Debian, CentOS, AlmaLinux, RHEL, Rocky Linux, Oracle Linux, CloudLinux, and more. It ensures all security patches are deployed automatically without having to reboot the system or schedule maintenance windows. Learn more about the live patching approach for Linux.

Source: USN-6587-1
