ELA-288-1 libxrender security update
Package libxrender
ELA-288-1 libxrender security update
Version 1:0.9.8-1+deb8u1
Related CVEs CVE-2016-7949 CVE-2016-7950
Two issues have been found in libxrender, a X Rendering Extension client library.
Tobias Stoeckmann from the OpenBSD project has discovered issues in the way various X client libraries handle the responses they receive from servers. Insufficient validation of data from the X server could cause out of boundary memory writes in the libXrender library potentially allowing the user to escalate their privileges.
For Debian 8 jessie, these problems have been fixed in version 1:0.9.8-1+deb8u1.
We recommend that you upgrade your libxrender packages.
Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/
A libxrender security update has been released for Debian GNU/Linux 8 Extended LTS to address two issues.