A libxrender security update has been released for Debian GNU/Linux 8 Extended LTS to address two issues.

ELA-288-1 libxrender security update

Package libxrender
Version 1:0.9.8-1+deb8u1
Related CVEs CVE-2016-7949 CVE-2016-7950

Two issues have been found in libxrender, a X Rendering Extension client library.

Tobias Stoeckmann from the OpenBSD project has discovered issues in the way various X client libraries handle the responses they receive from servers. Insufficient validation of data from the X server could cause out of boundary memory writes in the libXrender library potentially allowing the user to escalate their privileges.

For Debian 8 jessie, these problems have been fixed in version 1:0.9.8-1+deb8u1.

We recommend that you upgrade your libxrender packages.

Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/

  ELA-288-1 libxrender security update