1
0
mirror of https://git.yoctoproject.org/poky synced 2026-07-17 04:07:06 +00:00
Files
Ross Burton 411184bfaa xserver-xorg: fix CVE-2018-14665
Incorrect command-line parameter validation in the Xorg X server can lead to
privilege elevation and/or arbitrary files overwrite, when the X server is
running with elevated privileges (ie when Xorg is installed with the setuid bit
set and started by a non-root user). The -modulepath argument can be used to
specify an insecure path to modules that are going to be loaded in the X server,
allowing to execute unprivileged code in the privileged process. The -logfile
argument can be used to overwrite arbitrary files in the file system, due to
incorrect checks in the parsing of the option.

(From OE-Core rev: 14b5854d50c38e94fc0d1ce6af36698fc69f52b4)

Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2018-11-01 13:27:26 +00:00
..