Lucene search
UbuntuUSN-6453-1HistoryOct 25, 2023 - 12:00 a.m.
X.Org X Server vulnerabilities
2023-10-2500:00:00
ubuntu.com
38
ubuntu
x.org x server
vulnerabilities
x11 server
wayland
security
cve-2023-5367
cve-2023-5380
multi-screen
CVSS3
7.8
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
7.3
Confidence
Low
EPSS
0.001
Percentile
28.9%
Releases
- Ubuntu 23.10
- Ubuntu 23.04
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
Packages
- xorg-server - X.Org X11 server
- xwayland - X server for running X clients under Wayland
Details
Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled
prepending values to certain properties. An attacker could possibly use
this issue to cause the X Server to crash, execute arbitrary code, or
escalate privileges. (CVE-2023-5367)
Sri discovered that the X.Org X Server incorrectly handled detroying
windows in certain legacy multi-screen setups. An attacker could possibly
use this issue to cause the X Server to crash, execute arbitrary code, or
escalate privileges. (CVE-2023-5380)
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 23.10 | noarch | xserver-xorg-core | < 2:21.1.7-3ubuntu2.1 | UNKNOWN |
| Ubuntu | 23.10 | noarch | xnest | < 2:21.1.7-3ubuntu2.1 | UNKNOWN |
| Ubuntu | 23.10 | noarch | xnest-dbgsym | < 2:21.1.7-3ubuntu2.1 | UNKNOWN |
| Ubuntu | 23.10 | noarch | xorg-server-source | < 2:21.1.7-3ubuntu2.1 | UNKNOWN |
| Ubuntu | 23.10 | noarch | xserver-common | < 2:21.1.7-3ubuntu2.1 | UNKNOWN |
| Ubuntu | 23.10 | noarch | xserver-xephyr | < 2:21.1.7-3ubuntu2.1 | UNKNOWN |
| Ubuntu | 23.10 | noarch | xserver-xephyr-dbgsym | < 2:21.1.7-3ubuntu2.1 | UNKNOWN |
| Ubuntu | 23.10 | noarch | xserver-xorg-core-dbgsym | < 2:21.1.7-3ubuntu2.1 | UNKNOWN |
| Ubuntu | 23.10 | noarch | xserver-xorg-dev | < 2:21.1.7-3ubuntu2.1 | UNKNOWN |
| Ubuntu | 23.10 | noarch | xserver-xorg-legacy | < 2:21.1.7-3ubuntu2.1 | UNKNOWN |
Related
fedora
fedora
[SECURITY] Fedora 38 Update: tigervnc-1.13.1-6.fc38
2023-11-13 01:29:19
[SECURITY] Fedora 37 Update: tigervnc-1.13.1-6.fc37
2023-11-18 01:33:23
[SECURITY] Fedora 37 Update: xorg-x11-server-1.20.14-26.fc37
2023-11-10 01:13:44
openvas
openvas
Fedora: Security Advisory for xorg-x11-server (FEDORA-2023-1f4f1b8365)
2023-10-29 00:00:00
Slackware: Security Advisory (SSA:2023-299-02)
2023-10-27 00:00:00
Mageia: Security Advisory (MGASA-2023-0321)
2023-11-21 00:00:00
nessus
nessus
Fedora 37 : xorg-x11-server (2023-f111d2f306)
2023-11-09 00:00:00
Fedora 37 : tigervnc (2023-4708733ccc)
2023-11-17 00:00:00
Amazon Linux 2 : xorg-x11-server (ALAS-2023-2335)
2023-11-15 00:00:00
osv
osv
xorg-server - security update
2023-10-25 00:00:00
xorg-server vulnerabilities
2023-10-31 15:16:46
xorg-server - security update
2023-10-25 00:00:00
redhat
redhat
(RHSA-2023:7428) Important: tigervnc security update
2023-11-21 14:52:48
(RHSA-2023:7405) Important: tigervnc security update
2023-11-21 09:47:53
(RHSA-2023:7526) Important: tigervnc security update
2023-11-28 14:35:11
ubuntu
ubuntu
X.Org X Server vulnerabilities
2023-10-31 00:00:00
debian
debian
[SECURITY] [DSA 5534-1] xorg-server security update
2023-10-25 14:45:31
[SECURITY] [DLA 3631-1] xorg-server security update
2023-10-25 15:17:02
mageia
mageia
Updated tigervnc packages fix security vulnerabilities
2023-11-20 13:04:11
Updated x11-server packages fix security vulnerabilities
2023-11-07 02:08:32
amazon
amazon
Important: xorg-x11-server
2023-11-10 17:32:00
Important: xorg-x11-server
2023-11-09 19:19:00
oraclelinux
oraclelinux
tigervnc security update
2023-11-22 00:00:00
xorg-x11-server security update
2023-11-08 00:00:00
tigervnc security update
2024-05-23 00:00:00
slackware
slackware
[slackware-security] xorg-server
2023-10-26 20:01:09
[slackware-security] tigervnc
2023-11-13 19:27:10
freebsd
freebsd
xorg-server -- Multiple vulnerabilities
2023-10-25 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2024-2325
2024-01-23 12:18:22
redos
redos
ROS-20231114-02
2023-11-14 00:00:00
cbl_mariner
cbl_mariner
cve
cve
CVE-2023-5367
2023-10-25 20:15:18
CVE-2023-5380
2023-10-25 20:15:18
cvelist
cvelist
zdi
zdi
prion
prion
Heap overflow
2023-10-25 20:15:00
Design/Logic Flaw
2023-10-25 20:15:00
ubuntucve
ubuntucve
CVE-2023-5367
2023-10-25 00:00:00
CVE-2023-5380
2023-10-25 00:00:00
nvd
nvd
CVE-2023-5367
2023-10-25 20:15:18
CVE-2023-5380
2023-10-25 20:15:18
redhatcve
redhatcve
CVE-2023-5367
2023-10-25 19:46:38
CVE-2023-5380
2023-10-25 19:46:48
alpinelinux
alpinelinux
CVE-2023-5367
2023-10-25 20:15:18
CVE-2023-5380
2023-10-25 20:15:18
debiancve
debiancve
CVE-2023-5367
2023-10-25 20:15:18
CVE-2023-5380
2023-10-25 20:15:18
veracode
veracode
Out-of-Bounds Write
2023-10-28 00:48:10
Use After Free
2023-11-30 18:35:01
almalinux
almalinux
Moderate: tigervnc security update
2024-05-22 00:00:00
Important: tigervnc security update
2024-04-30 00:00:00
Important: tigervnc security update
2024-01-02 00:00:00
gentoo
gentoo
X.Org X Server, XWayland: Multiple Vulnerabilities
2024-01-31 00:00:00
ibm
ibm
hp
hp
HP ThinPro 8.1 SP 2 Security Updates
2024-04-12 00:00:00
HP ThinPro 8.0 SP 8 Security Updates
2024-03-01 00:00:00
CVSS3
7.8
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
7.3
Confidence
Low
EPSS
0.001
Percentile
28.9%
Related for USN-6453-1