USN-7085-1: X.Org X Server vulnerability

Releases

• Ubuntu 24.10
• Ubuntu 24.04 LTS
• Ubuntu 22.04 LTS
• Ubuntu 20.04 LTS

Packages

• xorg-server - X.Org X11 server
• xwayland - X server for running X clients under Wayland

Details

Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled
certain memory operations in the X Keyboard Extension. An attacker could
use this issue to cause the X Server to crash, leading to a denial of
service, or possibly execute arbitrary code.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 24.10

• xserver-xorg-core - 2:21.1.13-2ubuntu1.1
• xwayland - 2:24.1.2-1ubuntu0.1

Ubuntu 24.04

• xserver-xorg-core - 2:21.1.12-1ubuntu1.1
• xwayland - 2:23.2.6-1ubuntu0.1

Ubuntu 22.04

• xserver-xorg-core - 2:21.1.4-2ubuntu1.7~22.04.12
• xwayland - 2:22.1.1-1ubuntu0.14

Ubuntu 20.04

• xserver-xorg-core - 2:1.20.13-1ubuntu1~20.04.18
• xwayland - 2:1.20.13-1ubuntu1~20.04.18

After a standard system update you need to reboot your computer to make all
the necessary changes.

References

• CVE-2024-9632

Related notices

• USN-7085-2: xorg-server-source-hwe-16.04, xserver-xorg-dev-hwe-16.04, xserver-common, xorg-server-source-hwe-18.04, xwayland-hwe-16.04, xserver-xorg-legacy-hwe-18.04, xorg-server-hwe-18.04, xdmx-tools, xserver-xorg-core-hwe-16.04, xserver-xorg-dev, xvfb, xwayland-hwe-18.04, xserver-xorg-core, xorg-server-source, xserver-xorg-legacy, xorg-server, xmir-hwe-16.04, xnest, xserver-xephyr-hwe-18.04, xserver-xorg-legacy-hwe-16.04, xwayland, xserver-xorg-dev-hwe-18.04, xserver-xephyr, xdmx, xorg-server-hwe-16.04, xmir, xserver-xephyr-hwe-16.04, xserver-xorg-xmir, xserver-xorg-core-hwe-18.04