===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2018.3282
                        xorg-server security update
                              26 October 2018

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           xorg-server
Publisher:         Debian
Operating System:  Debian GNU/Linux 9
                   Linux variants
                   BSD variants
Impact/Access:     Root Compromise           -- Existing Account
                   Overwrite Arbitrary Files -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2018-14665

Original Bulletin:
   http://www.debian.org/security/2018/dsa-4328

Comment: This advisory references vulnerabilities in products which run on
         platforms other than Debian. It is recommended that administrators
         running xorg-server check for an updated version of the software
         for their operating system.

--------------------------BEGIN INCLUDED TEXT--------------------

-------------------------------------------------------------------------
Debian Security Advisory DSA-4328-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
October 25, 2018                      https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : xorg-server
CVE ID         : CVE-2018-14665

Narendra Shinde discovered that incorrect command-line parameter
validation in the Xorg X server may result in arbitrary file overwrite,
which can result in privilege escalation.

For the stable distribution (stretch), this problem has been fixed in
version 2:1.19.2-1+deb9u4.

We recommend that you upgrade your xorg-server packages.

For the detailed security status of xorg-server please refer to its
security tracker page at:
https://security-tracker.debian.org/tracker/xorg-server

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================