it-securitynotifies AT lists.piratenpartei.de
Betreff: Sicherheitsankündigungen
Listenarchiv
- From: Salvatore Bonaccorso <carnil AT debian.org>
- To: debian-security-announce AT lists.debian.org
- Subject: [IT-SecNots] [SECURITY] [DSA 5800-1] xorg-server security update
- Date: Tue, 29 Oct 2024 18:36:52 +0000
- Authentication-results: lists.piratenpartei.de; dkim=none; spf=none (lists.piratenpartei.de: domain of "bounce-debian-security-announce=it-securitynotifies=lists.piratenpartei.de AT lists.debian.org" has no SPF policy when checking 82.195.75.100) smtp.mailfrom="bounce-debian-security-announce=it-securitynotifies=lists.piratenpartei.de AT lists.debian.org"; dmarc=none
- List-archive: https://lists.debian.org/msgid-search/E1t5r5I-004ud6-W1 AT seger.debian.org
- List-id: <debian-security-announce.lists.debian.org>
- List-url: <http://lists.debian.org/debian-security-announce/>
- Old-dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debian.org; s=smtpauto.seger; h=Date:Message-Id:Subject:To:From:Reply-To:Cc:MIME-Version: Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description: In-Reply-To:References; bh=h2SOjqm7VuMy4EBQb5IJkE1Fbfz9/Uy7CXrZ9/xcsl0=; b=Bw veXpGAQ94xMwuGj4ivw7seD6UFics7AjyhZfcLdF32BKA6ussaLuCK4DrPYscMQ9l4KUfZBcLLgvB gwm7iJ4CHuruCT2WiGzywj+xU5+QNwAPMkrbVC4lNC10w540vOCkb0s/Gs+KBuiQfqSojqcZ1U2QV MAC502U5yHe6yZKxH/PAfOKn88GwiqbCGsOGgESwjbxGlKh6qWKpSLIFNTpqd4pX2ZdgtROPTcpmX p48THaye/8nbCrAFHi4G0iRmHGs+3b4gFiu4vlJoSDONTEbZ03Su/Mr1TqbXZnswVoJhP5IZKi5l6 ZSwhKx0hMS17OK7aKZ6Hou0ouVIEqiKQ==;
- Old-return-path: <carnil AT seger.debian.org>
- Priority: urgent
- Resent-date: Tue, 29 Oct 2024 19:25:42 +0000 (UTC)
- Resent-from: debian-security-announce AT lists.debian.org
- Resent-message-id: <5yNpHxktrYP.A.MQ-M.2aTInB@bendel>
- Resent-sender: debian-security-announce-request AT lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian Security Advisory DSA-5800-1 security AT debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
October 29, 2024 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : xorg-server
CVE ID : CVE-2024-9632
Debian Bug : 1086244
Jan-Niklas Sohn discovered that a heap-based buffer overflow in the
_XkbSetCompatMap function in the X Keyboard Extension of the X.org X
server may result in privilege escalation if the X server is running
privileged.
For the stable distribution (bookworm), this problem has been fixed in
version 2:21.1.7-3+deb12u8.
We recommend that you upgrade your xorg-server packages.
For the detailed security status of xorg-server please refer to its
security tracker page at:
https://security-tracker.debian.org/tracker/xorg-server
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmchKQNfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0S1og//Qc+fk1SZNKINd1d/ItoR5XQQGU4V92/kQKcfNu97F2DLcb1wUc+BZAaY
yr1HS+ru3pY25XOKYLgR7Tx///BEXzYxKdNxLGVMXzJqU06oSYXAkUBERFW5aU0/
ayaV+UtwaX7ADUwYpCeJbQJcudMw3YtPlkRpN1uCs/lHMHPcbsGpZt4VBpItksrs
iRpqq40eQiPafzGBpzx40ejaJyn200s9hYNN6dieqNDQTW6MmGSI9OLfY5alze6M
Iot3mopREg/iKJblNz7+T2mKng0TEPY2PgolcsmHjvHEKCrWmWcGKwWHKlbvfpJX
s1522AAWS5aJeW8r6TeGbOa298caLsW4doQa/6EX4HeADQu7SjV9oXZwrUtGsCxn
eb6oLUGhHs0FGmY/Hvfng/ouZwSj1wKWE45hMCJ1HRSlpbfCoJxQlFpNLWQziFaS
TuzebmpPXfbrbcXb7tNgUPtLcayu09JwJWxZLYPYcFDXZe1wUz3ZQIWkKHizXkSI
NZtQYdLMKqBp99XR65vkTORS7QWkpdaW6AY6JujoihKFzh+wRM7qKtgflHl6qTLd
mPK8DU/qe5jCs5oqzLvQ7sZUb95JqhYaLf8ZWH6koTHLHqnMt9wOxqoEPoFfk4Lz
TH0FizIOHO6imr6USG+ubOtlf/nd1py1achR9ihKtd+0GE0Hx8Q=
=Y9nq
-----END PGP SIGNATURE-----
- [IT-SecNots] [SECURITY] [DSA 5800-1] xorg-server security update, Salvatore Bonaccorso, 29.10.2024
Archiv bereitgestellt durch MHonArc 2.6.19+.