Improper Privilege Management Affecting xorg-server-hwe-16.04 package, versions <2:1.19.3-1ubuntu1~16.04.3


Severity

Recommended
low

Based on Ubuntu security rating

    Threat Intelligence

    EPSS
    0.06% (28th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk ID SNYK-UBUNTU1604-XORGSERVERHWE1604-278437
  • published 10 Oct 2017
  • disclosed 10 Oct 2017

How to fix?

Upgrade Ubuntu:16.04 xorg-server-hwe-16.04 to version 2:1.19.3-1ubuntu1~16.04.3 or higher.

NVD Description

Note: Versions mentioned in the description apply only to the upstream xorg-server-hwe-16.04 package and not the xorg-server-hwe-16.04 package as distributed by Ubuntu. See How to fix? for Ubuntu:16.04 relevant fixed versions and status.

In X.Org Server (aka xserver and xorg-server) before 1.19.4, an attacker authenticated to an X server with the X shared memory extension enabled can cause aborts of the X server or replace shared memory segments of other X clients in the same session.