
An xorg-server security update has been released for Debian GNU/Linux 8 Extended LTS to address privilege escalation for authorized clients.



ELA-405-1 xorg-server security update

Package: xorg-server
Version: 2:1.16.4-1+deb8u5
Related CVEs: CVE-2021-3472

Jan-Niklas Sohn discovered that there was an input validation failure in the X.Org display server.

Insufficient checks on the lengths of the XInput extension’s ChangeFeedbackControl request could have led to out-of-bounds memory accesses in the X server. These issues can lead to privilege escalation for authorised clients, particularly on systems where the X server is running as a privileged user.

For Debian 8 Jessie, these problems have been fixed in version 2:1.16.4-1+deb8u5.

We recommend that you upgrade your xorg-server packages.

Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/
