xserver-xorg-legacy might make Debian systems vulnerable to this bug: https://cve.mitre.org/cgi-bin/cvename.c ... 2018-14665
(and probably others too) because it allows xorg to be started with setuid root, which is a security risk.
xserver-xorg-legacy is installed on my system but is not needed:
apt-cache rdepends xserver-xorg-legacy
where the dependency for xserver-org is only a "recommend" - it's needed for the old nvidia driver though, but that should not compromise everybody's security.
I can't reproduce the bug on my system, which is not surprising given my limited knowledge. Just to be sure, I'd suggest that users check whether xserver-xorg-legacy is needed with
and, if that command doesn't show any dependency problems, repeat the command without "-s" (which means "simulate"). Obviously that's no option for users with that old type of nvidia card, which seem to need root for xserver, but those users (if there are any) should investigate and maybe upgrade.
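
A read-only check to go with the advice above, as an added example that is not part of the original post: it reports whether the Xorg wrapper on the host is actually setuid root and what its root policy says. The wrapper path `/usr/lib/xorg/Xorg.wrap`, the config path `/etc/X11/Xwrapper.config` and its `needs_root_rights` key are the usual Debian locations and are assumptions here, as are all function names.

```shell
#!/bin/sh
# Added example: report whether Xorg can run setuid root on this host.
# WRAPPER and CONFIG are the usual Debian locations (assumed, not from the post).
WRAPPER=${WRAPPER:-/usr/lib/xorg/Xorg.wrap}
CONFIG=${CONFIG:-/etc/X11/Xwrapper.config}

# setuid_state FILE: prints absent | no-setuid | setuid-root | setuid-uid-N
setuid_state() {
    if [ ! -f "$1" ]; then echo absent; return 0; fi
    if [ ! -u "$1" ]; then echo no-setuid; return 0; fi
    owner=$(stat -c %u "$1")
    if [ "$owner" = 0 ]; then echo setuid-root; else echo "setuid-uid-$owner"; fi
}

# root_policy FILE: prints the needs_root_rights value (yes|no|auto) from an
# Xwrapper.config-style file; "auto" when the file or the key is missing.
root_policy() {
    val=""
    if [ -f "$1" ]; then
        val=$(sed -n 's/^[[:space:]]*needs_root_rights[[:space:]]*=[[:space:]]*\([a-z]*\).*/\1/p' "$1" | tail -n 1)
    fi
    echo "${val:-auto}"
}

# verdict STATE POLICY: combine both findings into one report line.
verdict() {
    case "$1:$2" in
        setuid-root:no) echo "wrapper is setuid root but configured to drop root" ;;
        setuid-root:*)  echo "Xorg may run as root (policy: $2)" ;;
        *)              echo "no setuid-root wrapper found" ;;
    esac
}

# audit: print package status (when dpkg is available), wrapper state, verdict.
audit() {
    if command -v dpkg-query >/dev/null 2>&1; then
        status=$(dpkg-query -W -f='${Status}' xserver-xorg-legacy 2>/dev/null || true)
        echo "package status: ${status:-not installed}"
    fi
    state=$(setuid_state "$WRAPPER")
    policy=$(root_policy "$CONFIG")
    echo "$WRAPPER: $state"
    echo "verdict: $(verdict "$state" "$policy")"
}
audit
```

The script changes nothing on the system; set `WRAPPER` or `CONFIG` in the environment to point it at other paths.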