rss-bot
May 18th, 2010, 06:40 PM
Referenced CVEs:
CVE-2009-1573, CVE-2010-1166
Description:
================================================== ========= Ubuntu Security Notice USN-939-1 May 18, 2010 xorg-server vulnerabilities CVE-2009-1573, CVE-2010-1166 ================================================== ========= A security issue affects the following Ubuntu releases: Ubuntu 8.04 LTS Ubuntu 9.04 Ubuntu 9.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 8.04 LTS: xserver-xorg-core 2:1.4.1~git20080131-1ubuntu9.3 xvfb 2:1.4.1~git20080131-1ubuntu9.3 Ubuntu 9.04: xserver-xorg-core 2:1.6.0-0ubuntu14.2 xvfb 2:1.6.0-0ubuntu14.2 Ubuntu 9.10: xserver-xorg-core 2:1.6.4-2ubuntu4.3 After a standard system update you need to restart your session to make all the necessary changes. Details follow: Loïc Minier discovered that xvfb-run did not correctly keep the X.org session cookie private. A local attacker could gain access to any local sessions started by xvfb-run. Ubuntu 9.10 was not affected. (CVE-2009-1573) It was discovered that the X.org server did not correctly handle certain calculations. A remote attacker could exploit this to crash the X.org session or possibly run arbitrary code with root privileges. (CVE-2010-1166)
More... (http://www.ubuntu.com/usn/USN-939-1)
CVE-2009-1573, CVE-2010-1166
Description:
================================================== ========= Ubuntu Security Notice USN-939-1 May 18, 2010 xorg-server vulnerabilities CVE-2009-1573, CVE-2010-1166 ================================================== ========= A security issue affects the following Ubuntu releases: Ubuntu 8.04 LTS Ubuntu 9.04 Ubuntu 9.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 8.04 LTS: xserver-xorg-core 2:1.4.1~git20080131-1ubuntu9.3 xvfb 2:1.4.1~git20080131-1ubuntu9.3 Ubuntu 9.04: xserver-xorg-core 2:1.6.0-0ubuntu14.2 xvfb 2:1.6.0-0ubuntu14.2 Ubuntu 9.10: xserver-xorg-core 2:1.6.4-2ubuntu4.3 After a standard system update you need to restart your session to make all the necessary changes. Details follow: Loïc Minier discovered that xvfb-run did not correctly keep the X.org session cookie private. A local attacker could gain access to any local sessions started by xvfb-run. Ubuntu 9.10 was not affected. (CVE-2009-1573) It was discovered that the X.org server did not correctly handle certain calculations. A remote attacker could exploit this to crash the X.org session or possibly run arbitrary code with root privileges. (CVE-2010-1166)
More... (http://www.ubuntu.com/usn/USN-939-1)