[SECURITY] [DLA 2627-1] xorg-server security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 2627-1] xorg-server security update
From: "Chris Lamb" <lamby@debian.org>
Date: Thu, 15 Apr 2021 06:24:05 -0400 (EDT)
Message-id: <[🔎] 161848208269.838165.7641178022510538929@tinycat.chris-lamb.co.uk>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-2627-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                           Chris Lamb
April 15, 2021                                https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : xorg-server
Version        : 2:1.19.2-1+deb9u8
CVE ID         : CVE-2021-3472

Jan-Niklas Sohn discovered that there was an input validation failure
in the X.Org display server.

Insufficient checks on the lengths of the XInput extension's
ChangeFeedbackControl request could have lead to out of bounds memory
accesses in the X server. These issues can lead to privilege
escalation for authorised clients, particularly on systems where the
X server is running as a privileged user.

For Debian 9 "Stretch", this problem has been fixed in version
2:1.19.2-1+deb9u8.

We recommend that you upgrade your xorg-server packages.

For the detailed security status of xorg-server please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/xorg-server

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAmB4E6AACgkQHpU+J9Qx
Hlj6qw//ZBpTkP0Af19OglE2NR3AujsTErxp4lI8sc5LwOlXtnfcVFEpl4kpLBpR
suMrlmkryaedBBl0Zeq8qnoimuMPdhiTing+77I1YW7hNfhwZJdDjLsoVFG5qXe6
D9/fD683vgL4IiKdHxLNfqcaaL8QYm2KmyKLbHsTvQ+12b7pq9TwenbIHGloGV7K
nsTZrXkx37loi5cdYHQLw09qKYXcTaQx+GZ7XH0UgiJi4XJCjY7gr6/4+qnqVYW/
OnpmGYh9SycH1cFHkPfmWDGrBd3omKStkx7keBXXBQVgyyUpIDp9A3J62lM3vX9U
czexLKJTCx77CviBFcJYigi41ST/XT/HCVy2pkvxv7d6KXA+fCKPL7jogBy43Zfy
3d2SL9mH7MxAfP5TVOsmShPrLqY9FGm0MteXjSKX7inoAxJmJx9F2w7JtzfNNDpG
2a0mJABw4ZRRiEL5OlEonAwqExyR+LO6cFA+xWKmZwsy4lMEeOBo3RAzX+U21iLB
wDATwPL0Q97XM3b3iOJShCXr2nWYrNhd2mWFFEewXVEZWvSVqyI9uVtr9FW6/0YJ
LD9jXp1BBbt7/bMZv+KSLVMavKLOu4Vm6bwClKX5NYS1ZRXWVX71XkuId5ntpoco
raxAtjWgda1KidFGStU2ABoFoil4tyWhg7CuB+KCoyfVhIiM4Wg=
=eyBB
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 2626-1] clamav security update
Next by Date: [SECURITY] [DLA 2618-2] smarty3 regression update
Previous by thread: [SECURITY] [DLA 2626-1] clamav security update
Next by thread: [SECURITY] [DLA 2618-2] smarty3 regression update
Index(es):
- Date
- Thread