Pedro Ribeiro discovered a use-after-free in the handling of ImageText requests in the Xorg Xserver, which could result in denial of service or privilege escalation.

For the oldstable distribution (squeeze), this problem has been fixed in version 1.7.7-17. For the stable distribution (wheezy), this problem has been fixed in version 1.12.4-6+deb7u1. For the testing distribution (jessie), this problem has been fixed in version 1.14.3-4. For the unstable distribution (sid), this problem has been fixed in version 1.14.3-4. We recommend that you upgrade your xorg-server packages.

The Xorg X server is an X server for several architectures and operating systems, which is derived from the XFree86 4.x series of X servers.

xorg-server on Debian Linux

This check tests the installed software version using the apt package manager.

• http://www.debian.org/security/2013/dsa-2784.html

---

Updated on 2015-03-25