ELA-405-1 xorg-server security update

Input validation vulnerability

2021-04-15
Package: xorg-server
Version: 2:1.16.4-1+deb8u5
Related CVEs: CVE-2021-3472

Jan-Niklas Sohn discovered that there was an input validation failure in the X.Org display server.

Insufficient checks on the lengths of the XInput extension’s ChangeFeedbackControl request could have led to out-of-bounds memory accesses in the X server. These issues can lead to privilege escalation for authorised clients, particularly on systems where the X server is running as a privileged user.

For Debian 8 Jessie, these problems have been fixed in version 2:1.16.4-1+deb8u5.

We recommend that you upgrade your xorg-server packages.

Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/