[SECURITY] [DLA 3310-1] xorg-server security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 3310-1] xorg-server security update
From: Thorsten Alteholz <debian@alteholz.de>
Date: Tue, 7 Feb 2023 07:27:41 +0000 (UTC)
Message-id: <[🔎] alpine.DEB.2.21.2302070720510.23392@postfach.intern.alteholz.me>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3310-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                    Thorsten Alteholz
February 07, 2023                             https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : xorg-server
Version        : 2:1.20.4-1+deb10u8
CVE ID         : CVE-2023-0494

Jan-Niklas Sohn, working with Trend Micro Zero Day Initiative, discovereda vulnerability in the X.Org X server.A potential use after free mighty result in local privilege escalation ifthe X server is running privileged or remote code execution during ssh Xforwarding sessions.

For Debian 10 buster, this problem has been fixed in version2:1.20.4-1+deb10u8.


We recommend that you upgrade your xorg-server packages.

For the detailed security status of xorg-server please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/xorg-server

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAmPh/W1fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7
WEecPg//b6DNU//EcP/kUJL7M+LWSX0lfEwgf621gY6HEt6PGjfRPDeuJ/4BjE6C
gGCJUotDTzPbxRBU1ZjVDfxcoSqyehI9SKRd0oN+ds663rYVIXerkDUwKOIqSJWW
v++Au4Jddn2xUwGcj4Hy4Wk1pZe8bJ6Utefhz9kbuNrLJvX9zQFuMVTMVXMZ3i81
7z22xnYRc0CFXCUATaAj4CW8W9jrGO4S30VV+0lBGT0v3RUBMAkVfXVVbVLLjRZ6
ppDdCxQA8+k1GNkhrrFKfql7fPceo+EuXXjpHWNFP6XrQyXrxRTdzE0VZeTGqM5t
E6Q3dQkwG0vQQ2OB2YxC5Cm2Kdl1CnatoPyAX92CCFeDoRytMsY64/7E001sTYkK
S7kn7GJ/YwEPVlbYrhPqcVcMo2gHgBXfj38dKedjzMCQGSbPWfvAMrdrO6HOG0tM
7F7Ym95WisMjS+Ls2flVTUys0tNt0MUkXqVPWKSOGJ/6C8KD0ZR7NTyvEhX8eObc
1xVAZ4EnZB0joYmflXICWFTQF6wxUxMPV+HA5Bwg1vzJJHIx1LtUby1R2uwIFt4h
fqyuJWy/qw5zIKIlaNjKn0OIDcCFbE2knLHo/yMKTxgvs3M/Vflx17VuA2v1eakA
UO4r4uLnV3eCYQwaJQAAs63e3u5+ehGQwcPkj1QFkVNDJSJ1k2Q=
=/zin
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 3309-1] graphite-web security update
Next by Date: [SECURITY] [DLA 3311-1] heimdal security update
Previous by thread: [SECURITY] [DLA 3309-1] graphite-web security update
Next by thread: [SECURITY] [DLA 3311-1] heimdal security update
Index(es):
- Date
- Thread