Univention Bugzilla – Bug 53118
xorg-server: Multiple issues (4.4)
Last modified: 2021-04-21 16:56:57 CEST
New Debian xorg-server 2:1.19.2-1+deb9u8 fixes:

This update addresses the following issue:
* XChangeFeedbackControl integer underflow leads to privilege escalation (CVE-2021-3472)
--- mirror/ftp/4.4/unmaintained/component/4.4-7-errata/source/xorg-server_1.19.2-1+deb9u7.dsc +++ apt/ucs_4.4-0-errata4.4-7/source/xorg-server_1.19.2-1+deb9u8.dsc @@ -1,3 +1,12 @@ +2:1.19.2-1+deb9u8 [Thu, 15 Apr 2021 11:15:10 +0100] Chris Lamb <lamby@debian.org>: + + * Non-maintainer upload by the LTS Team. + * CVE-2021-3472: Fix an input validation failure in the XInput extension. + Insufficient checks on the lengths of the XInput extension's + ChangeFeedbackControl request could have lead to out of bounds memory + accesses in the X server. These issues can lead to privilege escalation for + authorised clients on systems where the X server is running privileged. + 2:1.19.2-1+deb9u7 [Wed, 02 Dec 2020 12:31:11 +0100] Emilio Pozuelo Monfort <pochu@debian.org>: * CVE-2020-14360: buffer overflow on XkbSetMap. <http://piuparts.knut.univention.de/4.4-7/#4988821390626283326>
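Review bot: The added 2:1.19.2-1+deb9u8 changelog entry does not name the patch file or upstream commit that carries the CVE-2021-3472 fix, so the backport cannot be checked against upstream from this text alone; a reference in the entry would help. In the same entry, "could have lead to out of bounds memory accesses" should read "could have led to". The entry calls the flaw an "input validation failure" on ChangeFeedbackControl request lengths, while the erratum summary calls it an XChangeFeedbackControl integer underflow; using one description in both places would make them easier to match.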
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[4.4-7] 719a688ba6 Bug #53118: xorg-server 2:1.19.2-1+deb9u8
 doc/errata/staging/xorg-server.yaml | 13 +++++++++++++
 1 file changed, 13 insertions(+)
<https://errata.software-univention.de/#/?erratum=4.4x962>