Ubuntu Security Notices
USN-6721-2

USN-6721-2: X.Org X Server regression

Publication date

9 April 2024

Overview

A regression was fixed in X.Org X Server.

Releases

23.10 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS 14.04 LTS

Packages

xorg-server - X.Org X11 server
xwayland - X server for running X clients under Wayland

Details

USN-6721-1 fixed vulnerabilities in X.Org X Server. That fix was incomplete
resulting in a regression. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

It was discovered that X.Org X Server incorrectly handled certain data.
An attacker could possibly use this issue to expose sensitive information.
(CVE-2024-31080, CVE-2024-31081, CVE-2024-31082)

It was discovered that X.Org X Server incorrectly handled certain glyphs.
An attacker could possibly use this issue to cause a crash or expose sensitive
information. (CVE-2024-31083)

USN-6721-1 fixed vulnerabilities in X.Org X Server. That fix was incomplete
resulting in a regression. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

It was discovered that X.Org X Server incorrectly handled certain data.
An attacker could possibly use this issue to expose sensitive information.
(CVE-2024-31080, CVE-2024-31081, CVE-2024-31082)

It was discovered that X.Org X Server incorrectly handled certain glyphs.
An attacker could possibly use this issue to cause a crash or expose sensitive
information. (CVE-2024-31083)

Update instructions

After a standard system update you need to restart -APP- to make all the necessary changes.

Learn more about how to get the fixes.

The problem can be corrected by updating your system to the following package versions:

Ubuntu Release	Package Version
23.10 mantic	xserver-xorg-core – 2:21.1.7-3ubuntu2.9
23.10 mantic	xwayland – 2:23.2.0-1ubuntu0.6
22.04 jammy	xserver-xorg-core – 2:21.1.4-2ubuntu1.7~22.04.10
22.04 jammy	xwayland – 2:22.1.1-1ubuntu0.13
20.04 focal	xserver-xorg-core – 2:1.20.13-1ubuntu1~20.04.17
20.04 focal	xwayland – 2:1.20.13-1ubuntu1~20.04.17
18.04 bionic	xserver-xorg-core – 2:1.19.6-1ubuntu4.15+esm8
18.04 bionic	xwayland – 2:1.19.6-1ubuntu4.15+esm8
16.04 xenial	xserver-xorg-core – 2:1.18.4-0ubuntu0.12+esm13
16.04 xenial	xwayland – 2:1.18.4-0ubuntu0.12+esm13
14.04 trusty	xserver-xorg-core – 2:1.15.1-0ubuntu2.11+esm12

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Get Ubuntu Pro

References

https://launchpad.net/bugs/2060354