[SECURITY] [DLA 3940-1] xorg-server security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 3940-1] xorg-server security update
From: Thorsten Alteholz <debian@alteholz.de>
Date: Tue, 29 Oct 2024 18:30:12 +0000 (UTC)
Message-id: <[🔎] alpine.DEB.2.21.2410291824370.25558@postfach.intern.alteholz.me>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3940-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                    Thorsten Alteholz
October 29, 2024                              https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : xorg-server
Version        : 2:1.20.11-1+deb11u14
CVE ID         : CVE-2024-9632

Jan-Niklas Sohn working with Trend Micro Zero Day Initiative found anissue in the X server and Xwayland implementations published by X.Org.CVE-2024-9632 can be triggered by providing a modified bitmap to the X.Orgserver. This may lead to local privilege escalation if the server is runas root or remote code execution (e.g. x11 over ssh).



For Debian 11 bullseye, this problem has been fixed in version
2:1.20.11-1+deb11u14.

We recommend that you upgrade your xorg-server packages.

For the detailed security status of xorg-server please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/xorg-server

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently as
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAmchKbRfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7
WEcxLA//WAKA9Yj7G6Y64aNWmPMiffsV2M8BRo13dSgaD9SxlXyTt4aMiTdUfWSY
0NMYe6zbGd96vTzVj3DCC4o6cCQVp7T/TycRFfnEufTwo4Y8POn/v6D5GxPK9sSB
FLxiG32zUty2OnmDUuhigc2OsetDYnssfjsFH8SXJN76FqBqgT8wYTpslxg6BfX1
7Nr88JDiX5nbGGLhHMdxuOuoJ/L+eupXrn5K7lTxrEkETLimhm7uyWl1dAhCXJjq
FfkD1PljA1g7KQA8axAIIsKH/EKfUKGGCHZ4vcsV/iY1/r4glupmCqYQixjnpB05
SqDron2QnHQ5GgfcjOFqlc9jv8U1XfGn4ZblYC5jprXkZDmDh47tcGMcFqwI7/gp
AyT0A0CTkvW5ZUVq14vW613jUZj9dOj0G6eH2vos2oFnTiPVjyN7Px/kaewuG/4v
uHF7Jh0FMxfhNkhTe1TWmQW0P+EtkgS0xF0vleGq5IYnD6h6YN5IF/un5NQYtBf2
HyQBb8P7aVoAiyAqqSNEFA5lEXzB6IQQsSOhIRIDfwsUY8tL2F/peK1Zb7Qci08g
43+O+LPqC6QRQLmToR5IiERyuMbh+K1wYM2pUDNkS+AQU465XTY9HY72uKf34KcD
3drZxYBF9su7yKMcWXp1YAUwKSjRDZpO5OR5xICC3rWzs6kpq7g=
=B49C
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 3939-1] python-git security update
Next by Date: [SECURITY] [DLA 3941-1] texlive-bin security update
Previous by thread: [SECURITY] [DLA 3939-1] python-git security update
Next by thread: [SECURITY] [DLA 3941-1] texlive-bin security update
Index(es):
- Date
- Thread