Advisories » MGASA-2018-0421

Updated x11-server packages fix security vulnerability

Publication date: 27 Oct 2018
Modification date: 27 Oct 2018
Type: security
Affected Mageia releases : 6
CVE: CVE-2018-14665

Description

A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission
check for -modulepath and -logfile options when starting Xorg. X server
allows unprivileged users with the ability to log in to the system via
physical console to escalate their privileges and run arbitrary code under
root privileges (CVE-2018-14665).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=23757
• https://www.openwall.com/lists/oss-security/2018/10/25/1
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14665

SRPMS

6/core

• x11-server-1.19.5-1.2.mga6