DSA-5380-1

Source

https://storage.googleapis.com/debian-osv/dsa-osv/DSA-5380-1.json

Aliases

CVE-2023-1393 ( ALSA-2023:1551, ALSA-2023:1592, DLA-3372-1, RLSA-2023:1592 )

Published

2023-03-29T00:00:00Z

Modified

2023-03-29T15:15:21.610091Z

Details

Jan-Niklas Sohn discovered that a user-after-free flaw in the Composite extension of the X.org X server may result in privilege escalation if the X server is running under the root user.

For the stable distribution (bullseye), this problem has been fixed in version 2:1.20.11-1+deb11u6.

We recommend that you upgrade your xorg-server packages.

For the detailed security status of xorg-server please refer to its security tracker page at: \ https://security-tracker.debian.org/tracker/xorg-server

References

https://www.debian.org/security/2023/dsa-5380

Affected packages

Debian:11 / xorg-server

xorg-server

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0

Fixed

2:1.20.11-1+deb11u6

Affected versions

2:1.*

2:1.20.11-1

2:1.20.11-1+deb11u1

2:1.20.11-1+deb11u2

2:1.20.11-1+deb11u3

2:1.20.11-1+deb11u4

2:1.20.11-1+deb11u5