Debian 10261 Published by

A xorg-server security update has been released for Debian GNU/Linux 8 Extended LTS to address privilege escalation for authorized clients.



ELA-405-1 xorg-server security update

Package xorg-server
Version 2:1.16.4-1+deb8u5
Related CVEs CVE-2021-3472

Jan-Niklas Sohn discovered that there was an input validation failure in the X.Org display server.

Insufficient checks on the lengths of the XInput extension’s ChangeFeedbackControl request could have lead to out of bounds memory accesses in the X server. These issues can lead to privilege escalation for authorised clients, particularly on systems where the X server is running as a privileged user.

For Debian 8 Jessie, these problems have been fixed in version 2:1.16.4-1+deb8u5.

We recommend that you upgrade your xorg-server packages.

Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/

  ELA-405-1 xorg-server security update