[SECURITY] [DLA 2486-1] xorg-server security update

To: <debian-lts-announce@lists.debian.org>
Subject: [SECURITY] [DLA 2486-1] xorg-server security update
From: Emilio Pozuelo Monfort <pochu@debian.org>
Date: Wed, 9 Dec 2020 11:27:48 +0100 (CET)
Message-id: <[🔎] 20201209102748.AB2542A0DB3@andromeda>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-2486-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/               Emilio Pozuelo Monfort
December 09, 2020                             https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : xorg-server
Version        : 2:1.19.2-1+deb9u7
CVE ID         : CVE-2020-14360 CVE-2020-25712

Jan-Niklas Sohn discovered that the XKB extension of the Xorg X server
performed incomplete input validation, which could result in privilege
escalation.

For Debian 9 stretch, these problems have been fixed in version
2:1.19.2-1+deb9u7.

We recommend that you upgrade your xorg-server packages.

For the detailed security status of xorg-server please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/xorg-server

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAl/QpqQACgkQnUbEiOQ2
gwKyxw/9Ejv+OATwMLjv49+fdUGLJpbgtlRvbgDCVC16JSyZLO1KSRRR/Hi/u6Ag
ReWFQv2489CFuRpc5rZTAGfcGlaV55eUgDOwMeCggP23B8sHzb6L7OasLldlauni
ov9ASg+ui/sjCdUS12uB3Ni1qgkcr/ah5PP1D1X7wxAqYJzasFUxTlqBGgaE4i1R
YZELkEDpSHJAJ1iR2Oyi5/OxMQqY/wlWNT+QtGF/xjlN8pw9iZioZO1efC5g1UvY
CkztRafWw94Pg5FnAd21rZEhFH9Q6+0Tg9k4mBhbPg3TMni1EtPXdJjaxY1jUvx0
bR3xQfUC4SxK7c/DSMCbG8xn/ny0UAjfLDMm6ucR7sjncbvv47WowQ0CyfuFc4rp
HCOJnW/gsLH1I/3zK0B58D6heFklU0ee17wDHtO76at/A+2LmoDrbpKKTIk6fwUN
Zyvccb8WpEsSCg4a2OxP9syG0IM9yozs2jMfcrcTMD2Ym5bwsMJIDahYcoyJQ0GP
R/3+hU4HKjutcfPlNTvoWxJLtghaaGzVZlLQO2fvry8ddB/3FYqncUq2tHs6B+jX
JTmis+OhD6wQljOMVVwrYfRqHkxXcsDW9SW2XUk4Lm1Pr+o+S8AuTg4cKw0K7AyN
7PQHuYLpqBCz2NQ4/Nc+Oo2KwCl4SPzLURblm3qYMneuurzl3+c=
=lKsx
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 2485-1] golang-golang-x-net-dev security update
Next by Date: [SECURITY] [DLA 2487-1] apt security update
Previous by thread: [SECURITY] [DLA 2485-1] golang-golang-x-net-dev security update
Next by thread: [SECURITY] [DLA 2487-1] apt security update
Index(es):
- Date
- Thread