Users are urged to update their installations right now

Oct 18, 2017 15:36 GMT

X.Org Server is not as secure as we'd like, which is why more and more GNU/Linux distributions are trying to migrate to the next-generation Wayland display server, whose design offers an extra layer of security.

Canonical recently published a new security advisory informing users of the Ubuntu 17.04 (Zesty Zapus), Ubuntu 16.04 LTS (Xenial Xerus), and Ubuntu 14.04 LTS (Trusty Tahr) operating systems about a recent security vulnerability affecting the xorg-server, xorg-server-hwe-16.04, and xorg-server-lts-xenial packages.

All of the official derivatives are also affected by the issue, including Kubuntu, Lubuntu, Xubuntu, Ubuntu MATE, Ubuntu Kylin, Ubuntu Studio, and Ubuntu Budgie. The vulnerability could allow a remote or local attacker to crash the X.Org Server or run arbitrary code because the X11 server failed to correctly handle some lengths.

"It was discovered that the X.Org X server incorrectly handled certain lengths. An attacker able to connect to an X server, either locally or remotely, could use these issues to crash the server, or possibly execute arbitrary code," reads Canonical's Ubuntu Security Notice USN-3456-1.

Update your installations right now to fix the problem

Those running Ubuntu 17.04 will need to update the xserver-xorg-core package to version 1.19.3-1ubuntu1.3. Ubuntu 16.04 LTS users running the stock kernel must update to xserver-xorg-core 1.18.4-0ubuntu0.7, but if you're running Ubuntu 16.04.3 LTS with the HWE (Hardware Enablement) kernel, you need to update to xserver-xorg-core-hwe-16.04 1.19.3-1ubuntu1~16.04.4.

On the other hand, those still using the Ubuntu 14.04 LTS release with the stock kernel must update the xserver-xorg-core package to version 1.15.1-0ubuntu2.11, and those running Ubuntu 14.04.5 LTS with the Xenial HWE kernel will have to update to xserver-xorg-core-lts-xenial 1.18.3-1ubuntu2.3~trusty4. More details on how to update your Ubuntu system can be found at https://wiki.ubuntu.com/Security/Upgrades.
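To check a machine against the fixed versions listed above, the following added example (not code from Canonical or from this article) compares an installed package version with the fixed one using Debian's version-ordering rules, which matter here because of the `~` suffixes and multi-digit revisions. The function names are hypothetical, and the epoch prefix is dropped on the assumption that the article lists versions without it.

```python
import re

# Fixed versions exactly as listed in the article, keyed by (release, package).
FIXED = {
    ("17.04", "xserver-xorg-core"): "1.19.3-1ubuntu1.3",
    ("16.04", "xserver-xorg-core"): "1.18.4-0ubuntu0.7",
    ("16.04", "xserver-xorg-core-hwe-16.04"): "1.19.3-1ubuntu1~16.04.4",
    ("14.04", "xserver-xorg-core"): "1.15.1-0ubuntu2.11",
    ("14.04", "xserver-xorg-core-lts-xenial"): "1.18.3-1ubuntu2.3~trusty4",
}

def _weight(c):
    """Weight of a non-digit character: '~' < end of string < letters < the rest."""
    if c == "~":
        return -1
    return ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    """Compare two upstream or revision strings the way dpkg orders them."""
    while a or b:
        # First the leading non-digit runs, character by character.
        na, nb = re.match(r"\D*", a).group(), re.match(r"\D*", b).group()
        a, b = a[len(na):], b[len(nb):]
        for i in range(max(len(na), len(nb))):
            x = _weight(na[i]) if i < len(na) else 0
            y = _weight(nb[i]) if i < len(nb) else 0
            if x != y:
                return -1 if x < y else 1
        # Then the leading digit runs, compared as integers (so 9 < 11).
        da, db = re.match(r"\d*", a).group(), re.match(r"\d*", b).group()
        a, b = a[len(da):], b[len(db):]
        if int(da or 0) != int(db or 0):
            return -1 if int(da or 0) < int(db or 0) else 1
    return 0

def compare(v1, v2):
    """Return -1, 0 or 1. Any epoch ('N:') is dropped: an assumption of this example."""
    parts = []
    for v in (v1, v2):
        v = v.split(":", 1)[-1]
        upstream, _, rev = v.rpartition("-") if "-" in v else (v, "", "")
        parts.append((upstream, rev))
    return _cmp_part(parts[0][0], parts[1][0]) or _cmp_part(parts[0][1], parts[1][1])

def is_patched(release, package, installed):
    """True if the installed version is at or above the article's fixed version."""
    return compare(installed, FIXED[(release, package)]) >= 0
```

The installed version to pass in can be read with `dpkg-query -W -f='${Version}' xserver-xorg-core` (substituting the package name for your release).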