Debian 10250 Published by

For Debian GNU/Linux, updated debian-security-support and org-server packages are now available:

[DLA 3685-1] debian-security-support security update
[DSA 5576-1] xorg-server security update



[DLA 3685-1] debian-security-support security update


-------------------------------------------------------------------------
Debian LTS Advisory DLA-3685-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Holger Levsen
December 13, 2023 https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package : debian-security-support
Version : 1:10+2023.13.12
Debian Bug : #982258, #1056606, #1053109.

debian-security-support, the Debian security support coverage checker, has been
updated in buster-security to mark the end of life of the following packages:

* gnupg1: see #982258.
* pluxml: removed from Debian. No upstream response to CVE.
* tor: see https://lists.debian.org/debian-lts/2023/11/msg00019.html
and #1056606.

Additionally these packages are now marked with limited support:

* samba support limited to non-AD DC uses cases: see #1053109 and
https://lists.debian.org/debian-security-announce/2021/msg00201.html
* webkit2gtk: see commit/0980414e8fc86d705ff9a7656c637af7b1170c6f

For Debian 10 buster, this has been documented in version 1:10+2023.13.12.

We recommend that you upgrade your debian-security-support packages.

For the detailed security status of debian-security-support please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/debian-security-support

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS



[DSA 5576-1] xorg-server security update


- -------------------------------------------------------------------------
Debian Security Advisory DSA-5576-1 security@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
December 13, 2023 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : xorg-server
CVE ID : CVE-2023-6377 CVE-2023-6478

Jan-Niklas Sohn discovered several vulnerabilities in the Xorg X server,
which may result in privilege escalation if the X server is running
privileged.

For the oldstable distribution (bullseye), these problems have been fixed
in version 2:1.20.11-1+deb11u9.

For the stable distribution (bookworm), these problems have been fixed in
version 2:21.1.7-3+deb12u3.

We recommend that you upgrade your xorg-server packages.

For the detailed security status of xorg-server please refer to its
security tracker page at:
https://security-tracker.debian.org/tracker/xorg-server

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/