ELA-288-1 libxrender security update

improved handling of responses from the server

2020-09-30
Packagelibxrender
Version1:0.9.8-1+deb8u1
Related CVEs CVE-2016-7949 CVE-2016-7950


Two issues have been found in libxrender, a X Rendering Extension client library.

Tobias Stoeckmann from the OpenBSD project has discovered issues in the way various X client libraries handle the responses they receive from servers. Insufficient validation of data from the X server could cause out of boundary memory writes in the libXrender library potentially allowing the user to escalate their privileges.



For Debian 8 jessie, these problems have been fixed in version 1:0.9.8-1+deb8u1.

We recommend that you upgrade your libxrender packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.