summaryrefslogtreecommitdiffstats
path: root/scripts/lib
diff options
context:
space:
mode:
authorRoss Burton <ross.burton@intel.com>2018-11-01 11:15:58 +0000
committerRichard Purdie <richard.purdie@linuxfoundation.org>2018-11-01 13:27:26 +0000
commit411184bfaa6269bf2926bb2a576c0922958cbbb3 (patch)
tree8ec9a320e9375109287bfe62b022bf84cba58600 /scripts/lib
parent50614214097f90f53cedb1cd317098b025a57885 (diff)
downloadpoky-411184bfaa6269bf2926bb2a576c0922958cbbb3.tar.gz
xserver-xorg: fix CVE-2018-14665
Incorrect command-line parameter validation in the Xorg X server can lead to privilege elevation and/or arbitrary files overwrite, when the X server is running with elevated privileges (ie when Xorg is installed with the setuid bit set and started by a non-root user). The -modulepath argument can be used to specify an insecure path to modules that are going to be loaded in the X server, allowing to execute unprivileged code in the privileged process. The -logfile argument can be used to overwrite arbitrary files in the file system, due to incorrect checks in the parsing of the option. (From OE-Core rev: 14b5854d50c38e94fc0d1ce6af36698fc69f52b4) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'scripts/lib')
0 files changed, 0 insertions, 0 deletions