[SECURITY] [DLA 2869-1] xorg-server security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 2869-1] xorg-server security update
From: Thorsten Alteholz <debian@alteholz.de>
Date: Wed, 29 Dec 2021 22:07:22 +0000 (UTC)
Message-id: <[🔎] alpine.DEB.2.21.2112292206030.11741@postfach.intern.alteholz.me>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-2869-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                    Thorsten Alteholz
December 29, 2021                             https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : xorg-server
Version        : 2:1.19.2-1+deb9u9
CVE ID         : CVE-2021-4008 CVE-2021-4009 CVE-2021-4011

Jan-Niklas Sohn discovered that multiple input validation failures in Xserver extensions of the X.org X server may result in privilegeescalation if the X server is running privileged.



For Debian 9 stretch, these problems have been fixed in version
2:1.19.2-1+deb9u9.

We recommend that you upgrade your xorg-server packages.

For the detailed security status of xorg-server please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/xorg-server

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAmHM3BpfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7
WEd2oQ//SXzwhIQo0GKgvl3ZdfQsvuCx/6tzlMjuS6SyjXs61vHkm4Qi8Lgi5g2k
06w7ejapTLl130XcSnXWOYNkP2KbUjHMF+D8qe4FbKtS3mC50xRUjhLrOZ2PxOHH
bQKngn5JUVPWP7oUakmChr8rvfdNZ5UjuwYl6ru+7NW1rGieq3fh/dP1T/3Jbr/y
/UD2Jlg8USdpJhK9MHtQRkVnLHcbwuf7ndRENSa7cwkMPSBRYQm9bgC8Qlg3hgVu
pwdviq/B49br/kcEoggV0a2SRWZv6tY9AuQJmM4h+IHDTK6pX6+1qCOrfx2BlF1k
N1hLEEy++KnKDlzvGfvuoz4TPWvO9rUo+CZ+EvEa9UShQi9rIKEsCAirg6fmX1Xp
DkKlmWbu5FWo75Tr4qJ/s4Fp0sxT5JeIQYcJKHzh1ScWNWJSTWhFVOjFA6iJXuGa
4VEoK33sDv3TMJNbYDoFc44TvfZ06thdazxeTRfnbw5UcEJuLBEgcz+eAbHwWukR
ycDIBWNJi4a0sozySLgkgOO4+K0EkV0vW0inExo+C65396jN+gSPzFeOl/ZFp+lv
r286Dfk+L23bm7nr91ldPlvHbgCGVzW0OmvY6oq5/6ByYnFHZhJBeJA58GtHf19U
Ypmn9dV/GH+Y8HUUInDWuw8FkSMZ74HnEy/fb06g5zCYb4ug4Jg=
=S7KY
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 2868-1] advancecomp security update
Next by Date: [SECURITY] [DLA 2870-1] apache-log4j2 security update
Previous by thread: [SECURITY] [DLA 2868-1] advancecomp security update
Next by thread: [SECURITY] [DLA 2870-1] apache-log4j2 security update
Index(es):
- Date
- Thread