[SECURITY] [DSA 4328-1] xorg-server security update

From: Moritz Muehlenhoff <jmm@debian.org>
To: bugtraq@securityfocus.com
Cc:
Subject: [SECURITY] [DSA 4328-1] xorg-server security update
Date:


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4328-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
October 25, 2018                      https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : xorg-server
CVE ID         : CVE-2018-14665

Narendra Shinde discovered that incorrect command-line parameter
validation in the Xorg X server may result in arbitary file overwrite,
which can result in privilege escalation.

For the stable distribution (stretch), this problem has been fixed in
version 2:1.19.2-1+deb9u4.

We recommend that you upgrade your xorg-server packages.

For the detailed security status of xorg-server please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/xorg-server

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAlvSM2UACgkQEMKTtsN8
Tja9eA/6AoinY8OvykOs6ao2Wp2tsFBJWSZRaKf17oqN0xpGWhpPZwOIMAflroZB
i0q6GNXp5Nd3OLI3VEjlZ5BQZuX4UTCkFCdKQs/9g1PZ55tvZSPBbhvsBI74BjZl
XfQsTXiyZ/a32OZvVIPFbSVD8fudtav5yKkQf87/3gUSDP6yyqZ1cO1yIz4Cn1kF
EPXhBz8Ki/Zh2OzkTohuJrQnHyUqnloSMWtcYszwoXrSr60LOTrNY5Q6lOpY/GNR
qqAlBlp1l/4u+iOmoqg8k7EDj+QF54DlawJv8mkYEpJBdmkcGJb8HfkOEnJTq4h/
kvV3yVqdEbjxag6hwLl16Ziv0+NKnUrpFQgurftJ/y0ih5e0BU1cAWFG21HlORbS
X2riz9vrtC3aR5VHYUnVODwWmRnjL13DjPI1/w4SPN/Rewo8SNpLPbMM9WyP2dul
zXYNwzyexMaxG0TGer70Lnb5jh2kOhy/IE9YoyOw1sGYvCIkUu5Gmra4FGHTA8kT
EPRK1wQJjdJKVHO0TkC2lktdISH0vW04QUkneVcU7/MAueGBh7I8OHedFXFhOpPz
Ed/T40JRhOkeHU/3ICA12o4kgDImXKgb0FR34+bPBZZpjJF9MM42STXJ2KhI7PXl
rzteqmjIpE0gCKdSJ4C+q4NmBz0SWUK8WkZEyZbEUQS2z7nwkTQ=
=Q65S
-----END PGP SIGNATURE-----





Copyright © 1995-2018 LinuxRocket.net. All rights reserved.