Debian Security Advisory

DLA-2627-1 xorg-server -- LTS security update

Date Reported:
15 Apr 2021
Affected Packages:
xorg-server
Vulnerable:
Yes
Security database references:
In Mitre's CVE dictionary: CVE-2021-3472.
More information:

Jan-Niklas Sohn discovered that there was an input validation failure in the X.Org display server.

Insufficient checks on the length of the XInput extension's ChangeFeedbackControl request could have led to out-of-bounds memory accesses in the X server. These issues can lead to privilege escalation for authorised clients, particularly on systems where the X server is running as a privileged user.
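As an added illustration of the bug class named above (this is example code, not xorg-server's own code and not the CVE-2021-3472 patch): the header layout, the feedback classes and their body sizes below are assumed for the example. What carries over from the X protocol is that a request's `length` field counts the whole request in 4-byte units, so a body length computed as `length - header` wraps to a huge value when a client supplies a length smaller than the header itself, and a minimum-size test then passes. The hardened variant checks the minimum before subtracting, bounds the request by the bytes that actually arrived, and requires the exact body size for the class. The sample requests are constructed inline.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Model of a fixed 12-byte request header followed by a class-specific body.
 * Like X protocol requests, `length` counts the WHOLE request in 4-byte units.
 * Illustrative structure for this example, not xorg-server's definition. */
typedef struct {
    uint8_t  opcode;
    uint8_t  minor;
    uint16_t length;          /* total request length in 4-byte units */
    uint32_t mask;
    uint8_t  device;
    uint8_t  feedback_class;  /* selects the body layout */
    uint16_t pad;
} req_header_t;

#define HDR_BYTES (sizeof(req_header_t))   /* 12 */
#define HDR_UNITS (HDR_BYTES / 4)          /* 3  */

/* Bytes each (assumed) feedback class expects after the header. */
static size_t body_size_for_class(uint8_t cls)
{
    switch (cls) {
    case 0:  return 8;
    case 1:  return 16;
    default: return 0;   /* unknown class: caller must reject */
    }
}

/* Vulnerable pattern: derives the body length by subtraction from the header
 * length before verifying that length covers the header at all.  With
 * length < HDR_UNITS the unsigned subtraction wraps, the minimum-size test
 * passes, and a caller would go on to read far past the request. */
int check_length_unsafe(const req_header_t *hdr, size_t *body_len)
{
    size_t need = body_size_for_class(hdr->feedback_class);
    if (need == 0)
        return -1;
    size_t body = ((size_t)hdr->length - HDR_UNITS) * 4;   /* wraps if length < 3 */
    if (body < need)
        return -1;
    *body_len = body;
    return 0;
}

/* Hardened pattern: bound the header first, bound the whole request by what
 * actually arrived, then require the exact body size for the class. */
int check_length_safe(const uint8_t *buf, size_t avail, size_t *body_len)
{
    req_header_t hdr;
    if (avail < HDR_BYTES)
        return -1;                         /* not even a full header */
    memcpy(&hdr, buf, HDR_BYTES);
    if (hdr.length < HDR_UNITS)
        return -1;                         /* length field shorter than header */
    size_t total = (size_t)hdr.length * 4;
    if (total > avail)
        return -1;                         /* claims bytes that never arrived */
    size_t need = body_size_for_class(hdr.feedback_class);
    if (need == 0 || total - HDR_BYTES != need)
        return -1;                         /* unknown class or wrong body size */
    *body_len = need;
    return 0;
}

/* Constructed sample request: header with the given length/class, zeroed body.
 * Opcode numbers are arbitrary.  Returns the number of bytes written. */
static size_t build_request(uint8_t *out, size_t cap, uint16_t length_units, uint8_t cls)
{
    req_header_t hdr = { .opcode = 1, .minor = 2, .length = length_units,
                         .mask = 0, .device = 2, .feedback_class = cls, .pad = 0 };
    size_t total = (size_t)length_units * 4;
    if (total < HDR_BYTES) total = HDR_BYTES;   /* always emit at least the header */
    if (total > cap) return 0;
    memset(out, 0, total);
    memcpy(out, &hdr, HDR_BYTES);
    return total;
}

/* 1 if the unsafe check accepts a request whose length field (1 unit) is
 * shorter than the header and hands back a wrapped, enormous body length. */
int demo_unsafe_accepts_truncated(void)
{
    req_header_t hdr = { .length = 1, .feedback_class = 1 };
    size_t body = 0;
    return check_length_unsafe(&hdr, &body) == 0 && body > 1000000;
}

/* 0 when the safe check behaves as intended on four constructed inputs;
 * a nonzero value identifies the failing case. */
int demo_safe_checks(void)
{
    uint8_t buf[64];
    size_t body = 0;
    size_t n = build_request(buf, sizeof buf, 1, 1);   /* length < header */
    if (check_length_safe(buf, n, &body) == 0) return 1;
    n = build_request(buf, sizeof buf, 7, 1);          /* 12 + 16 = 28 bytes */
    if (check_length_safe(buf, n, &body) != 0 || body != 16) return 2;
    n = build_request(buf, sizeof buf, 9, 1);          /* 24-byte body, class wants 16 */
    if (check_length_safe(buf, n, &body) == 0) return 3;
    build_request(buf, sizeof buf, 7, 1);              /* claims 28, only 20 arrived */
    if (check_length_safe(buf, 20, &body) == 0) return 4;
    return 0;
}

int main(void)
{
    printf("unsafe check accepts truncated request: %s\n",
           demo_unsafe_accepts_truncated() ? "yes (bug)" : "no");
    printf("safe check behaves as intended: %s\n",
           demo_safe_checks() == 0 ? "yes" : "no");
    return 0;
}
```

The order of the checks in `check_length_safe` is the point: the comparison against `HDR_UNITS` must come before any subtraction involving `length`, and the comparison against `avail` is what stops a request from steering a read beyond the bytes the server actually holds.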

For Debian 9 Stretch, these problems have been fixed in version 2:1.19.2-1+deb9u8.

We recommend that you upgrade your xorg-server packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS