Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2020.2983
xorg-server security update
31 August 2020
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: xorg-server
Publisher: Debian
Operating System: Debian GNU/Linux 9
Impact/Access: Execute Arbitrary Code/Commands -- Existing Account
Increased Privileges -- Existing Account
Denial of Service -- Existing Account
Access Confidential Data -- Existing Account
Resolution: Patch/Upgrade
CVE Names: CVE-2020-14362 CVE-2020-14361 CVE-2020-14347
CVE-2020-14346 CVE-2020-14345
Reference: ESB-2020.2958
ESB-2020.2914
ESB-2020.2905
Original Bulletin:
https://www.debian.org/lts/security/2020/dla-2359
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- - -------------------------------------------------------------------------
Debian LTS Advisory DLA-2359-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Thorsten Alteholz
August 30, 2020 https://wiki.debian.org/LTS
- - -------------------------------------------------------------------------
Package : xorg-server
Version : 2:1.19.2-1+deb9u6
CVE ID : CVE-2020-14345 CVE-2020-14346 CVE-2020-14347
CVE-2020-14361 CVE-2020-14362
Several issues have been found in xorg-server, the X server from xorg.
Basically all issues are out-of-bounds access or integer underflows in
different request handlers. One CVE is about a leak of uninitialize heap
memory to clients.
For Debian 9 stretch, these problems have been fixed in version
2:1.19.2-1+deb9u6.
We recommend that you upgrade your xorg-server packages.
For the detailed security status of xorg-server please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/xorg-server
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
- -----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAl9MHMlfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7
WEfTww/+PtbsaDHf3/vJ7RLm3tJ2ejHzS5oWQPSW2lrdT6ioj5FgXJRPmsSb6oaz
jOvbXZuEGSLRF5SxpaR1nA+47NqyjH7KRLPGyQN5KBV/vG532v0BKSP3S7inldjO
yo2Z8sGiTbSjoTf8qH9k/2OpYi6uJqzIgsjjTnendVLlOuEDFUGmZzgA7NlPFtZN
GlPqLn3JnE/zMN/vc0BYcNG93JNwowhNDsRAEvTjU5HKCOJKvzMjD55s2Dkb8bDN
xrzBzyKbMa3ngN3pvbY9cQWSgP5X3yhChANRw+9ILQyoNZpUxEviPiVyGGmLxpJs
9yUWR0eCgMycaLAIdJG/lhOtE7Zcwc9Sph5DeFqD4BXSL8DiKDnsCukqOnNxeoVD
uUL7RAQeYZJnpB/q0lI36cYOSwnGaJZg8gdv9xZfcyEpQ4ABWXu5sxarNMVy6QY7
33XR0cl1NxmHWxJ4ur55OwkJQZ/ncsdv9TSxKWaYY0Jq+FT1Blrcrumd7tG6jTJU
LjCUplHQDx7uBWiTXy/oKLlnKQPrb1XFz9FSccou4so86hhhoa+S/P7voIhhvl5X
yCTEyaivnVBXA2MNAFh7Yzpn7TAlJUAooINZRJUqcyvNsAdQVPXOy5DM/KLbaR2S
l0QGv0oWVzkgDC9oLdRrdXSYccMjARwu1d1M0xoQnvdiTHlSdIo=
=GryC
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBX0yJ3ONLKJtyKPYoAQg8Bg/8DqZfIXdsyiDhZbA/PR1LF6VuNlkZNkgA
Jn/vH8icKsC/2oiFN53MAdBPzlScHEBVRC+FGY9zpwYoZDnqtcuNN0cwKlFf7iBl
AdHRut9ouYMYSEZbuSgR42sg0PqjZTIgrFa/LMh20w2KUOQQaMso6S96htstw02+
I9HjABpXEF6eLYGIHQzBQ8N53tRfar3/fbRKsBPLo33Uu5o4ztzcl1jpdjX1POEf
5mgy0DcwfbgIbInaGUWhTCY+rxVWIPzDv8zwOzldpBgvfcigClk8WmsHssTxTc2l
X7IWnOXisYxU6GvHnze7Nc/ABWgD2XRTdOohk9IpdmCA+8dNa82yD4bz5hWjkg69
VcmJjfcRIRnB6h0c5oFxwAI9O+zZclEqfSttrgfP49ZQvhJNMckIjIFUPZcPRp2Z
XJsAcEZ3WH7DZBrI9WlUhueFbuliZdRvCc98q6iYzoaauYyGJaKGEslUFDp98C8f
NiVdwI0jqp2DVA1BWKQDdZq3CtWsNjB5qoEReO9cdgcb7ysniT33gzDXMSDTVRqE
fnOLlP2te9ot6S8C7I5sYMmHQ7YHRw6Tpn1aIXP7kq5eLcSzIshQ6Qi7yB8WHxm8
YFXUOfpMd5pGuHvEsetKlBuGR6wD4VRvB6Y0iCjDTNlXIxlt97RXXhaioAWH+mjH
tqq4VMa7QCA=
=35sS
-----END PGP SIGNATURE-----