Debian 11: DLA-3940-1 critical: xorg-server local privilege escalation
debian lts
October 29, 2024
Jan-Niklas Sohn working with Trend Micro Zero Day Initiative found an issue in the X server and Xwayland implementations published by X.Org
Summary
Jan-Niklas Sohn working with Trend Micro Zero Day Initiative found an
issue in the X server and Xwayland implementations published by X.Org.
CVE-2024-9632 can be triggered by providing a modified bitmap to the X.Org
server. This may lead to local privilege escalation if the server is run
as root or remote code execution (e.g. x11 over ssh).
For Debian 11 bullseye, this problem has been fixed in version
2:1.20.11-1+deb11u14.
We recommend that you upgrade your xorg-server packages.
For the detailed security status of xorg-server please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/xorg-server
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently as
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Package: xorg-server
Version: 2:1.20.11-1+deb11u14
CVE ID: CVE-2024-9632
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!