1. Gentoo Linux Security Advisory
| Advisory Reference | GLSA 200608-25 / xorg-x11,xorg-server,xtrans,xload,xinit,xterm,xf86dga,xdm,libX11 |
| Release Date | August 28, 2006 |
| Latest Revision | December 13, 2006: 02 |
| Impact | high |
| Exploitable | local |
| Package | Vulnerable versions | Unaffected versions | Architecture(s) |
|---|---|---|---|
| x11-apps/xdm | < 1.0.4-r1 | >= 1.0.4-r1 | All supported architectures |
| x11-apps/xinit | < 1.0.2-r6 | >= 1.0.2-r6 | All supported architectures |
| x11-apps/xload | < 1.0.1-r1 | >= 1.0.1-r1 | All supported architectures |
| x11-apps/xf86dga | < 1.0.1-r1 | >= 1.0.1-r1 | All supported architectures |
| x11-base/xorg-x11 | < 6.9.0-r2 | revision >= 6.8.2-r8, >= 6.9.0-r2 | All supported architectures |
| x11-base/xorg-server | < 1.1.0-r1 | revision >= 1.0.2-r6, >= 1.1.0-r1 | All supported architectures |
| x11-libs/libx11 | < 1.0.1-r1 | >= 1.0.1-r1 | All supported architectures |
| x11-libs/xtrans | < 1.0.0-r1 | >= 1.0.0-r1 | All supported architectures |
| x11-terms/xterm | < 215 | >= 215 | All supported architectures |
| app-emulation/emul-linux-x86-xlibs | < 7.0-r2 | >= 7.0-r2 | AMD64 |
Related bug reports: #135974
X.org, libX11, xdm, xf86dga, xinit, xload, xtrans, and xterm are vulnerable to local privilege escalations because of unchecked setuid() calls.
X.org is an implementation of the X Window System.
Several X.org libraries, and X.org itself, call set*uid() functions without checking their result.
Local users could deliberately exceed their assigned resource limits so that a subsequent set*uid() system call fails; because the failure goes unnoticed, the program keeps running with its original privileges, which lets the user elevate their own. This requires resource limits to be enabled on the machine.
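The defect the advisory describes (a set*uid() result that is never inspected) next to the form that checks it, as an added example in C that is not part of the GLSA or of the X.org sources; the two function names are hypothetical and the uid/gid arguments are whatever the caller asks to become:

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Vulnerable shape, as described in the GLSA: the return values are ignored.
 * If setuid() fails, for instance with EAGAIN because the target user is
 * already at its RLIMIT_NPROC limit, the process simply carries on with
 * the privileges it already had (root, for a setuid helper such as xdm). */
void drop_privileges_unchecked(uid_t uid, gid_t gid)
{
    setgid(gid);
    setuid(uid);
    /* ... continues to do user-controlled work as whoever it still is ... */
}

/* Hardened shape: check every call, then ask the kernel which ids the
 * process actually has instead of trusting that the calls worked.
 * (A real daemon would also drop supplementary groups with setgroups()
 * before setgid().) Returns 0 on success, -1 with errno set on failure. */
int drop_privileges_checked(uid_t uid, gid_t gid)
{
    if (setgid(gid) != 0)
        return -1;
    if (setuid(uid) != 0)
        return -1;
    /* Verify: real and effective ids must now be exactly the requested ones. */
    if (getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid) {
        errno = EPERM;
        return -1;
    }
    return 0;
}

int main(void)
{
    /* An unprivileged caller cannot become uid 0, so this fails with EPERM;
     * a root process hitting RLIMIT_NPROC would fail with EAGAIN instead.
     * Either way the caller must stop rather than continue. */
    if (drop_privileges_checked(0, 0) != 0) {
        fprintf(stderr, "privilege drop failed: %s\n", strerror(errno));
        return 1;
    }
    puts("now running as uid 0");
    return 0;
}
```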
There is no known workaround at this time.
All X.Org xdm users should upgrade to the latest version:
Code Listing 3.1: Resolution
```
# emerge --sync
# emerge --ask --oneshot --verbose ">=x11-apps/xdm-1.0.4-r1"
```
All X.Org xinit users should upgrade to the latest version:
Code Listing 3.2: Resolution
```
# emerge --sync
# emerge --ask --oneshot --verbose ">=x11-apps/xinit-1.0.2-r6"
```
All X.Org xload users should upgrade to the latest version:
Code Listing 3.3: Resolution
```
# emerge --sync
# emerge --ask --oneshot --verbose ">=x11-apps/xload-1.0.1-r1"
```
All X.Org xf86dga users should upgrade to the latest version:
Code Listing 3.4: Resolution
```
# emerge --sync
# emerge --ask --oneshot --verbose ">=x11-apps/xf86dga-1.0.1-r1"
```
All X.Org users should upgrade to the latest version:
Code Listing 3.5: Resolution
```
# emerge --sync
# emerge --ask --oneshot --verbose ">=x11-base/xorg-x11-6.9.0-r2"
```
All X.Org X server users should upgrade to the latest version:
Code Listing 3.6: Resolution
```
# emerge --sync
# emerge --ask --oneshot --verbose ">=x11-base/xorg-server-1.1.0-r1"
```
All X.Org X11 library users should upgrade to the latest version:
Code Listing 3.7: Resolution
```
# emerge --sync
# emerge --ask --oneshot --verbose ">=x11-libs/libx11-1.0.1-r1"
```
All X.Org xtrans library users should upgrade to the latest version:
Code Listing 3.8: Resolution
```
# emerge --sync
# emerge --ask --oneshot --verbose ">=x11-libs/xtrans-1.0.1-r1"
```
All xterm users should upgrade to the latest version:
Code Listing 3.9: Resolution
```
# emerge --sync
# emerge --ask --oneshot --verbose ">=x11-terms/xterm-215"
```
All users of the X11R6 libraries for emulation of 32-bit x86 on amd64 should upgrade to the latest version:
Code Listing 3.10: Resolution
```
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-emulation/emul-linux-x86-xlibs-7.0-r2"
```
Please note that the fixed packages have been available for most architectures since June 30th, but the GLSA release was held up waiting for the remaining architectures.