Security Information / 2011 / Security Information -- DSA-2364-1 xorg

Debian Security Advisory

DSA-2364-1 xorg -- incorrect permission check

Date Reported:

18 Dec 2011

Affected Packages:

xorg

Vulnerable:

Yes

Security database references:

In the Debian bugtracking system: Bug 652249.
In Mitre's CVE dictionary: CVE-2011-4613.

More information:

The Debian X wrapper enforces that the X server can only be started from a console. vladz discovered that this wrapper could be bypassed.

The oldstable distribution (lenny) is not affected.

For the stable distribution (squeeze), this problem has been fixed in version 7.5+8+squeeze1.

For the unstable distribution (sid), this problem has been fixed in version 1:7.6+10.

We recommend that you upgrade your xorg packages.