-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3787-1 debian-...@lists.debian.org https://www.debian.org/lts/security/ Adrian Bunk April 15, 2024 https://wiki.debian.org/LTS - -------------------------------------------------------------------------
Package : xorg-server Version : 2:1.20.4-1+deb10u14 CVE ID : CVE-2024-31080 CVE-2024-31081 CVE-2024-31083 Multiple vulnerabilities have been fixed in the Xorg X server. CVE-2024-31080 Heap buffer overread in ProcXIGetSelectedEvents() CVE-2024-31081 Heap buffer overread in ProcXIPassiveGrabDevice() CVE-2024-31083 Use-after-free in ProcRenderAddGlyphs() For Debian 10 buster, these problems have been fixed in version 2:1.20.4-1+deb10u14. We recommend that you upgrade your xorg-server packages. For the detailed security status of xorg-server please refer to its security tracker page at: https://security-tracker.debian.org/tracker/xorg-server Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAmYdKiUACgkQiNJCh6LY mLEthBAAwekWU9GEvzW/hg14rAudN4FmDe31jh4QVqPpeZKcOLJfEhLyvLn/H+ae QqvK6DdCTlsxdihJJDwhyge8gjoEU6qgpifEnoE0/udcJZoqZ9VdvFzVioI2VQVj rsVmbreKlOmgpomFRtyI2VjxRRTjiqAZUpgd47AAxpHFYO1aNgBrJSkuB71lEA6Z oxBhFjJv7tDSC5bdXSqJxAeyg2Qs9W1PNF/G46+xvnWavtqe00304yphf83tA4Fa zjDy10bo1qnZP1rdOC546xD7hjInVy4nJ94DvkGZQB6MnbT/mT0AlqUgabd2R676 5DFawXphdRKQ2meSNjhvSKTKfXFImeNxhvAAFZTwtaDByTvWTXqztPe96mIjmCST NZRTol9M2xEfdBQRDaQIVmNwoKmLeOuxGfSXVGCwqBYUDtVntRFnCXJk4xrbrwmr Glz8y1D55QJQUdYqOk9yUJb/GCJrRRQAYi7HB0EMNubMhVMPY+mrZ/GCo5thCF7e q33n9AXdkkYghHIesNcz6hAyMablOmnWXZMGrzEqMQQNr3cYZ/gCz9ifH+ZW/y/q iQg7mA5tBytIk0CyztRuLkU8IrV6dW/AkrqeR9Nrad2p43LjJvVLzbqUmy94mGAd nCfpg0bu/N3C2RAWRyjDN76D5BEOPBEfYevbu3E8NS4tx3dC9yg= =Bs15 -----END PGP SIGNATURE-----