ELA-794-1 xorg-server security update

use after free

2023-02-07
Packagexorg-server
Version2:1.16.4-1+deb8u10 (jessie), 2:1.19.2-1+deb9u13 (stretch)
Related CVEs CVE-2023-0494


Jan-Niklas Sohn, working with Trend Micro Zero Day Initiative, discovered a vulnerability in the X.Org X server. A potential use after free mighty result in local privilege escalation if the X server is running privileged or remote code execution during ssh X forwarding sessions.



For Debian 8 jessie, these problems have been fixed in version 2:1.16.4-1+deb8u10.

For Debian 9 stretch, these problems have been fixed in version 2:1.19.2-1+deb9u13.

We recommend that you upgrade your xorg-server packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.