Debian Security Advisory

DSA-4000-1 xorg-server -- security update

Date Reported:
17 Oct 2017
Affected Packages:
xorg-server
Vulnerable:
Yes
Security database references:
In Mitre's CVE dictionary: CVE-2017-12176, CVE-2017-12177, CVE-2017-12178, CVE-2017-12179, CVE-2017-12180, CVE-2017-12181, CVE-2017-12182, CVE-2017-12183, CVE-2017-12184, CVE-2017-12185, CVE-2017-12186, CVE-2017-12187, CVE-2017-13721, CVE-2017-13723.
More information:

Several vulnerabilities have been discovered in the X.Org X server. An attacker who's able to connect to an X server could cause a denial of service or potentially the execution of arbitrary code.

For the oldstable distribution (jessie), these problems have been fixed in version 2:1.16.4-1+deb8u2.

For the stable distribution (stretch), these problems have been fixed in version 2:1.19.2-1+deb9u2.

We recommend that you upgrade your xorg-server packages.