Opened 18 years ago

Closed 18 years ago

#1876 closed defect (fixed)

Security vulnerability in Xorg-6.9.0

Reported by: dnicholson@… Owned by: dnicholson@…
Priority: high Milestone: 6.2.0
Component: BOOK Version: SVN
Severity: major Keywords: security
Cc:

Description

As posted by Ag Hatzim on blfs-dev:

In addition and relative to this issue,a vulnerability has been found in the X.Org server [1],because the Xorg server is installed setuid root. The 1.0.2 release is not vulnerable,however the patch for 6.9.0 [2] should be put in the book.

  1. http://wiki.x.org/wiki/SecurityPage
  1. http://xorg.freedesktop.org/releases/X11R6.9.0/patches/x11r6.9.0-geteuid.diff

Change History (2)

comment:1 by dnicholson@…, 18 years ago

Owner: changed from blfs-book@… to dnicholson@…
Status: newassigned

This sed accomplishes the same as the patch:

sed -i 's/geteuid /geteuid() /' programs/Xserver/hw/xfree86/common/xf86Init.c

I will apply this to the book.

comment:2 by dnicholson@…, 18 years ago

Resolution: fixed
Status: assignedclosed

Fixed in r5863.

Note: See TracTickets for help on using tickets.