[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 2359-1] xorg-server security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-2359-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                    Thorsten Alteholz
August 30, 2020                               https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : xorg-server
Version        : 2:1.19.2-1+deb9u6
CVE ID         : CVE-2020-14345 CVE-2020-14346 CVE-2020-14347
                 CVE-2020-14361 CVE-2020-14362


Several issues have been found in xorg-server, the X server from xorg.
Basically all issues are out-of-bounds access or integer underflows in different request handlers. One CVE is about a leak of uninitialize heap memory to clients.


For Debian 9 stretch, these problems have been fixed in version
2:1.19.2-1+deb9u6.

We recommend that you upgrade your xorg-server packages.

For the detailed security status of xorg-server please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/xorg-server

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAl9MHMlfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7
WEfTww/+PtbsaDHf3/vJ7RLm3tJ2ejHzS5oWQPSW2lrdT6ioj5FgXJRPmsSb6oaz
jOvbXZuEGSLRF5SxpaR1nA+47NqyjH7KRLPGyQN5KBV/vG532v0BKSP3S7inldjO
yo2Z8sGiTbSjoTf8qH9k/2OpYi6uJqzIgsjjTnendVLlOuEDFUGmZzgA7NlPFtZN
GlPqLn3JnE/zMN/vc0BYcNG93JNwowhNDsRAEvTjU5HKCOJKvzMjD55s2Dkb8bDN
xrzBzyKbMa3ngN3pvbY9cQWSgP5X3yhChANRw+9ILQyoNZpUxEviPiVyGGmLxpJs
9yUWR0eCgMycaLAIdJG/lhOtE7Zcwc9Sph5DeFqD4BXSL8DiKDnsCukqOnNxeoVD
uUL7RAQeYZJnpB/q0lI36cYOSwnGaJZg8gdv9xZfcyEpQ4ABWXu5sxarNMVy6QY7
33XR0cl1NxmHWxJ4ur55OwkJQZ/ncsdv9TSxKWaYY0Jq+FT1Blrcrumd7tG6jTJU
LjCUplHQDx7uBWiTXy/oKLlnKQPrb1XFz9FSccou4so86hhhoa+S/P7voIhhvl5X
yCTEyaivnVBXA2MNAFh7Yzpn7TAlJUAooINZRJUqcyvNsAdQVPXOy5DM/KLbaR2S
l0QGv0oWVzkgDC9oLdRrdXSYccMjARwu1d1M0xoQnvdiTHlSdIo=
=GryC
-----END PGP SIGNATURE-----


Reply to: