Files
poky/meta
Ross Burton 411184bfaa xserver-xorg: fix CVE-2018-14665
Incorrect command-line parameter validation in the Xorg X server can lead to
privilege elevation and/or arbitrary files overwrite, when the X server is
running with elevated privileges (ie when Xorg is installed with the setuid bit
set and started by a non-root user). The -modulepath argument can be used to
specify an insecure path to modules that are going to be loaded in the X server,
allowing to execute unprivileged code in the privileged process. The -logfile
argument can be used to overwrite arbitrary files in the file system, due to
incorrect checks in the parsing of the option.

(From OE-Core rev: 14b5854d50c38e94fc0d1ce6af36698fc69f52b4)

Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2018-11-01 13:27:26 +00:00
..
2018-09-11 10:46:17 +01:00
2018-10-29 17:37:26 +00:00
2018-10-29 17:01:45 +00:00
2018-09-21 18:45:47 -07:00
2014-01-02 12:58:54 +00:00
2016-01-07 13:40:14 +00:00