The officially official Devuan Forum!

You are not logged in.

#1 2018-10-26 01:36:23

Altoid
Member
Registered: 2017-05-07
Posts: 1,415  

Heads up: X Server exploit CVE-2018-14665

Hello:

I have not seen this posted in the Dev1 forum yet but if it this is the wrong place, please move it as necessary.

A two year old X Server vulnerability has seen the light, reported by Narendra Shinde and Red Hat a couple of days ago, it's CVE-2018-14665.

cve site wrote:

A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and -logfile options when starting Xorg. X server allows unprivileged users with the ability to log in to the system via physical console to escalate their privileges and run arbitrary code under root privileges.

Here's an article about it from The Register:

https://www.theregister.co.uk/2018/10/2 … erability/

Here's the cve entry:

https://cve.mitre.org/cgi-bin/cvename.c … 2018-14665

Here's a link to a gitlab post:

https://gitlab.freedesktop.org/xorg/xse … 7c86fe330e

Apparently, it does not affect those of us using a display manager to start an X session, so I guess most of us are covered (?).

In any case, I guess a patch/update should be forthcoming soon.

Cheers,

A.

Offline

#2 2018-10-26 15:06:24

Ogis1975
Member
Registered: 2017-04-21
Posts: 307  
Website

Re: Heads up: X Server exploit CVE-2018-14665

In any case, I guess a patch/update should be forthcoming soon.

Hello. Security updates for this  vulnerability already in the mirrors. Just run

apt update

and

apt upgrade

What economists call over-production is but a production that is above the purchasing power of the worker, who is reduced to poverty by capital and state.
            ----+- Peter Kropotkin -+----

Offline

#3 2018-10-26 16:09:46

Altoid
Member
Registered: 2017-05-07
Posts: 1,415  

Re: Heads up: X Server exploit CVE-2018-14665

Hello:

Ogis1975 wrote:

Security updates for this  vulnerability already in the mirrors.

Indeed ...
Saw it not 15' after I posted.
Fast as lightning.  =-)

A big Thank You! to the maintainers.

Cheers,

A.

Offline

Board footer