CVE-2018-14665 : Xorg X Server Vulnerabilities

[Protokol]

hello,

a "new" security vulnerability found on linux systems, security patch on the way ?

see https://www.securepatterns.com/2018/10/ ... erver.html

[Richard]

Well, perhaps.
Although it was only reported yesterday I imagine that work has already begun.

[timkb4cq]

https://security-tracker.debian.org/tra ... 2018-14665
As you can see, it's already patched in stretch (MX-17) and jessie (MX-15/16)

[ChrisUK]

Auto updated (MX Upater) this morning at 05:51 (UK time, about 9 hours ago)

Code: Select all

2018-10-26  05:51:41  upgrade  xserver-xorg-core                       amd64  2:1.19.2-1+deb9u2               2:1.19.2-1+deb9u4
2018-10-26  05:51:40  upgrade  xserver-xorg-legacy                     amd64  2:1.19.2-1+deb9u2               2:1.19.2-1+deb9u4
2018-10-26  05:51:39  upgrade  xserver-common                          all    2:1.19.2-1+deb9u2               2:1.19.2-1+deb9u4
2018-10-26  05:51:32  upgrade  openjdk-8-jre-headless                  amd64  8u181-b13-1~deb9u1              8u181-b13-2~deb9u1
2018-10-26  05:51:31  upgrade  openjdk-8-jre                           amd64  8u181-b13-1~deb9u1              8u181-b13-2~deb9u1

[Protokol]

ok, I didn't even noticed the update, you're right!

[Stevo]

Since we decided to push openjdk-8 as the default Java in MX 15/16, that means we need to backport the Stretch security update...working on it. That's one of the ones I can't do the easy way in pbuilder, I think.