DSA-5380-1

Source
https://storage.googleapis.com/debian-osv/dsa-osv/DSA-5380-1.json
Aliases
Published
2023-03-29T00:00:00Z
Modified
2023-03-29T15:15:21.610091Z
Details

Jan-Niklas Sohn discovered that a use-after-free flaw in the Composite extension of the X.org X server may result in privilege escalation if the X server is running under the root user.

For the stable distribution (bullseye), this problem has been fixed in version 2:1.20.11-1+deb11u6.

We recommend that you upgrade your xorg-server packages.

For the detailed security status of xorg-server please refer to its security tracker page at: https://security-tracker.debian.org/tracker/xorg-server

References

Affected packages

Debian:11 / xorg-server

xorg-server

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0
Fixed
2:1.20.11-1+deb11u6

Affected versions

2:1.*

2:1.20.11-1
2:1.20.11-1+deb11u1
2:1.20.11-1+deb11u2
2:1.20.11-1+deb11u3
2:1.20.11-1+deb11u4
2:1.20.11-1+deb11u5