ELA-1223-1 xorg-server security update

local privilege escalation

2024-10-31
Package: xorg-server
Version: 2:1.16.4-1+deb8u17 (jessie), 2:1.19.2-1+deb9u20 (stretch), 2:1.20.4-1+deb10u15 (buster)
Related CVEs: CVE-2024-9632


Jan-Niklas Sohn, working with Trend Micro Zero Day Initiative, found an issue in the X server and Xwayland implementations published by X.Org. CVE-2024-9632 can be triggered by providing a modified bitmap to the X.Org server. This may lead to local privilege escalation if the server is run as root, or to remote code execution (e.g. X11 over SSH).



For Debian 10 buster, these problems have been fixed in version 2:1.20.4-1+deb10u15.

For Debian 8 jessie, these problems have been fixed in version 2:1.16.4-1+deb8u17.

For Debian 9 stretch, these problems have been fixed in version 2:1.19.2-1+deb9u20.

We recommend that you upgrade your xorg-server packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.