Lucene search

K
debianDebianDEBIAN:DLA-3686-1:AD230
HistoryDec 13, 2023 - 8:30 a.m.

[SECURITY] [DLA 3686-1] xorg-server security update

2023-12-1308:30:41
lists.debian.org
4
xorg-server
privilege escalation
debian 10

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.9 High

AI Score

Confidence

High

0.273 Low

EPSS

Percentile

96.8%


Debian LTS Advisory DLA-3686-1 [email protected]
https://www.debian.org/lts/security/ Thorsten Alteholz
December 13, 2023 https://wiki.debian.org/LTS


Package : xorg-server
Version : 2:1.20.4-1+deb10u11
CVE ID : CVE-2023-6377 CVE-2023-6478

Jan-Niklas Sohn discovered several vulnerabilities in the Xorg X server,
which may result in privilege escalation if the X server is running
privileged.

For Debian 10 buster, these problems have been fixed in version
2:1.20.4-1+deb10u11.

We recommend that you upgrade your xorg-server packages.

For the detailed security status of xorg-server please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/xorg-server

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.9 High

AI Score

Confidence

High

0.273 Low

EPSS

Percentile

96.8%