A remote attacker could trigger a crash in X.org. In addition, the xvfb-run tool left the session cookie visible when launching X.org.
Loïc Minier discovered that xvfb-run did not correctly keep the X.org session cookie private. A local attacker could gain access to any local sessions started by xvfb-run. Ubuntu 9.10 was not affected. (CVE-2009-1573)
18 May 2010
A security issue affects these releases of Ubuntu and its derivatives:
A remote attacker could trigger a crash in X.org. In addition, the xvfb-run tool left the session cookie visible when launching X.org.
Loïc Minier discovered that xvfb-run did not correctly keep the X.org session cookie private. A local attacker could gain access to any local sessions started by xvfb-run. Ubuntu 9.10 was not affected. (CVE-2009-1573)
It was discovered that the X.org server did not correctly handle certain calculations. A remote attacker could exploit this to crash the X.org session or possibly run arbitrary code with root privileges. (CVE-2010-1166)
The problem can be corrected by updating your system to the following package versions:
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
After a standard system update you need to restart your session to make all the necessary changes.
Vulmon