|
|
Subscribe / Log in / New account

Debian-LTS alert DLA-664-1 (libxrender)



From:
    	      Markus Koschany <apo@debian.org> 


To:
    	      debian-lts-announce@lists.debian.org 


Subject:
    	      [SECURITY] [DLA 664-1] libxrender security update 


Date:
    	      Tue, 18 Oct 2016 16:37:43 +0200


Message-ID:
    	      <c1c86edc-7c31-0488-d46b-8a01fabb3e51@debian.org>


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : libxrender
Version        : 1:0.9.7-1+deb7u3
CVE ID         : CVE-2016-7949 CVE-2016-7950
Debian Bug     : 840443


Tobias Stoeckmann from the OpenBSD project has discovered a number of
issues in the way various X client libraries handle the responses they
receive from servers. Insufficient validation of data from the X server
could cause out of boundary memory writes in the libXrender library
potentially allowing the user to escalate their privileges.

For Debian 7 "Wheezy", these problems have been fixed in version
1:0.9.7-1+deb7u3.

We recommend that you upgrade your libxrender packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQJ8BAEBCgBmBQJYBjO3XxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRBQ0YzRDA4OEVGMzJFREVGNkExQTgzNUZE
OUFEMTRCOTUxM0I1MUU0AAoJENmtFLlRO1Hk3zMP/1F268UQCAQfAb+YkwDKjKA4
2fLthgqK+4Fgh+I+PENwMImqarsP4TDQcH71ZNlhG9sdCg6hM47V3tNlbMTxx7E0
/Gj5NNkQGCKudOwW+zaZMm9hFrIuJziQEANHSz6J0BbZCFyy1kdCbPmBLvKvhiZ7
IF62BwDEvJy6Me3pRsuLEwo5yOC7f2WFAVIyWnaWUV9jOtQ2RtOcO044xVWDA2Nj
pSpkhlHP152ljIR4undPyEb9vStBVDE71lXR155N3XzWnZ63XU1p4UvgU++LkoVo
R1zRE6mLntP4/5zHDMwH/iKPMrTbBGn0SO3T01iTD01LOt0ic2Ay714XFSdq6mBM
xK6EtSOQrv35xJ+a0kJwAVnb68gBSCgrhVPgiE2oCeWawZRWBSzCIm/cH0a8Zxuh
wfWqehM0nokQEa4QNnwjCJudXvm7EdMWjeYOSby7o65fC0AHF/oMHQVsmg0BqIno
ztYK1tE1nzes/7jBgzgNpESBLB9MhlrT1rbrF8LJShQk8PaWPGb75Ys3eFRBhTxJ
Vh+u+7uOVEli8RsdvLSnC1fc4QAemAwOl04bZTg0D1dghsYQ2QACst7w6N9YNCEA
E1OyA/6By9nklTolHN5JAo4SWyWskILM8gD4YfS68Pw6CsL2tFnR7bMHDww2SKB2
UpJh7VLQNIW4iVOmpq1Q
=YwXc
-----END PGP SIGNATURE-----
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds