USN-3802-1: X.Org X server vulnerability
26 October 2018
X.Org X server could be made to overwrite files as the administrator.
Releases
Packages
- xorg-server - X.Org X11 server
- xorg-server-hwe-16.04 - X.Org X11 server
Details
Narendra Shinde discovered that the X.Org X server incorrectly handled
certain command line parameters when running as root with the legacy
wrapper. When certain graphics drivers are being used, a local attacker
could possibly use this issue to overwrite arbitrary files and escalate
privileges.
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 18.10
Ubuntu 18.04
Ubuntu 16.04
After a standard system update you need to reboot your computer to make
all the necessary changes.