Lucene search

K
debianDebianDEBIAN:DLA-3256-1:86DD5
HistoryDec 31, 2022 - 12:45 p.m.

[SECURITY] [DLA 3256-1] xorg-server security update

2022-12-3112:45:53
lists.debian.org
29
xorg-server
2:1.20.4-1+deb10u7
cve-2022-4283
privilege escalation
debian 10 buster

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

9.6

Confidence

High

EPSS

0.104

Percentile

95.1%


Debian LTS Advisory DLA-3256-1 [email protected]
https://www.debian.org/lts/security/ Thorsten Alteholz
December 31, 2022 https://wiki.debian.org/LTS


Package : xorg-server
Version : 2:1.20.4-1+deb10u7
CVE ID : CVE-2022-4283 CVE-2022-46340 CVE-2022-46341
CVE-2022-46342 CVE-2022-46343 CVE-2022-46344

Jan-Niklas Sohn discovered several vulnerabilities in X server extensions
in the X.Org X server, which may result in privilege escalation if the X
server is running privileged.

For Debian 10 buster, these problems have been fixed in version
2:1.20.4-1+deb10u7.

We recommend that you upgrade your xorg-server packages.

For the detailed security status of xorg-server please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/xorg-server

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

9.6

Confidence

High

EPSS

0.104

Percentile

95.1%