ASA-201810-15 generated external raw

[ASA-201810-15] xorg-server: privilege escalation
Arch Linux Security Advisory ASA-201810-15 ========================================== Severity: High Date : 2018-10-29 CVE-ID : CVE-2018-14665 Package : xorg-server Type : privilege escalation Remote : Yes Link : Summary ======= The package xorg-server before version 1.20.3-1 is vulnerable to privilege escalation. Resolution ========== Upgrade to 1.20.3-1. # pacman -Syu "xorg-server>=1.20.3-1" The problem has been fixed upstream in version 1.20.3. Workaround ========== None. Description =========== Incorrect command-line parameter validation in the Xorg X server can lead to privilege elevation and/or arbitrary files overwrite, when the X server is installed with the setuid bit set and unprivileged users have the ability to log in to the system via physical console. The -modulepath argument can be used to specify an insecure path to modules that are going to be loaded in the X server, allowing to execute unprivileged code in the privileged process. The -logfile argument can be used to overwrite arbitrary files in the file system, due to incorrect checks in the parsing of the option. Impact ====== A local attacker can elevate privileges to root by passing crafted parameters to the Xorg X server. References ==========