diff options
| author | Ross Burton <ross.burton@intel.com> | 2018-11-01 11:15:58 +0000 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2018-11-01 13:27:17 +0000 |
| commit | 14b5854d50c38e94fc0d1ce6af36698fc69f52b4 (patch) | |
| tree | f752597b9952a150c28705adb488a10fd9b80788 /scripts/lib/scriptpath.py | |
| parent | 1fd7d0f2fbf7e200844c675ddb77513a8d5d7327 (diff) | |
| download | openembedded-core-14b5854d50c38e94fc0d1ce6af36698fc69f52b4.tar.gz openembedded-core-14b5854d50c38e94fc0d1ce6af36698fc69f52b4.tar.bz2 openembedded-core-14b5854d50c38e94fc0d1ce6af36698fc69f52b4.zip | |
xserver-xorg: fix CVE-2018-14665
Incorrect command-line parameter validation in the Xorg X server can lead to
privilege elevation and/or arbitrary files overwrite, when the X server is
running with elevated privileges (ie when Xorg is installed with the setuid bit
set and started by a non-root user). The -modulepath argument can be used to
specify an insecure path to modules that are going to be loaded in the X server,
allowing to execute unprivileged code in the privileged process. The -logfile
argument can be used to overwrite arbitrary files in the file system, due to
incorrect checks in the parsing of the option.
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'scripts/lib/scriptpath.py')
0 files changed, 0 insertions, 0 deletions