CVE-2018-14665: Xorg X Server privilege escalation vulnerabilities
Recently, X.Org Foundation developers released X.Org Server 1.20.3 to fix privilege escalation vulnerabilities. This issue has been assigned CVE-2018-14665.
The vulnerability is caused by the server not correctly validating two command-line parameters, “-modulepath” and “-logfile”. The -modulepath parameter can be used to specify an unsafe path and execute code with elevated privileges. The -logfile parameter can be used to overwrite arbitrary files in the file system.
Red Hat Enterprise Linux, Fedora, CentOS, Debian, Ubuntu and OpenBSD have all been confirmed to be affected by this vulnerability, and other distributions may also be affected.
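For defenders, one way to look for use of the two options described above in process-execution logs; this is an added example, not code from X.Org or the original article. It assumes Xorg is installed setuid root and that logs follow the auditd SYSCALL/EXECVE record style; the sample records, the `/usr/bin/Xorg` path and the function names are constructed for illustration.

```python
import re

RISKY_OPTS = {"-modulepath", "-logfile"}   # the two options named in the advisory
XORG_NAMES = {"X", "Xorg"}                 # assumed binary names
EVENT_ID = re.compile(r"msg=audit\(([\d.]+:\d+)\)")
KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

# Constructed, simplified auditd-style records (not from a real host).
SAMPLE = [
    'type=SYSCALL msg=audit(1540500000.101:501): syscall=59 uid=1000 euid=0 exe="/usr/bin/Xorg"',
    'type=EXECVE msg=audit(1540500000.101:501): argc=4 a0="Xorg" a1="-logfile" a2="/tmp/constructed.log" a3=":1"',
    'type=SYSCALL msg=audit(1540500010.202:502): syscall=59 uid=0 euid=0 exe="/usr/bin/Xorg"',
    'type=EXECVE msg=audit(1540500010.202:502): argc=3 a0="Xorg" a1="-logfile" a2="/var/log/Xorg.0.log"',
    'type=SYSCALL msg=audit(1540500020.303:503): syscall=59 uid=1001 euid=0 exe="/usr/bin/Xorg"',
    'type=EXECVE msg=audit(1540500020.303:503): argc=2 a0="Xorg" a1=":0"',
    'type=SYSCALL msg=audit(1540500030.404:504): syscall=59 uid=1002 euid=0 exe="/usr/bin/Xorg"',
    'type=EXECVE msg=audit(1540500030.404:504): argc=3 a0="X" a1="-modulepath" a2="/home/constructed/mods"',
]

def parse(line):
    """Return (event_id, fields) for one record, or None if it has no audit id."""
    m = EVENT_ID.search(line)
    return (m.group(1), {k: q or u for k, q, u in KV.findall(line)}) if m else None

def flag_xorg_escalation(lines):
    """Return (event_id, uid, option, value) for each risky setuid Xorg launch."""
    events = {}
    for line in lines:
        parsed = parse(line)
        if parsed:
            eid, fields = parsed
            events.setdefault(eid, {})[fields.get("type")] = fields
    hits = []
    for eid, recs in events.items():
        sc, ex = recs.get("SYSCALL"), recs.get("EXECVE")
        if not sc or not ex or sc.get("exe", "").rsplit("/", 1)[-1] not in XORG_NAMES:
            continue
        # Only launches that cross the privilege boundary matter:
        # a non-root caller (uid) running with root effective uid (setuid bit).
        if sc.get("uid") == "0" or sc.get("euid") != "0":
            continue
        argv = [ex.get(f"a{i}", "") for i in range(int(ex.get("argc", 0)))]
        for i, arg in enumerate(argv):
            if arg in RISKY_OPTS:
                hits.append((eid, sc["uid"], arg, argv[i + 1] if i + 1 < len(argv) else ""))
    return hits

if __name__ == "__main__":
    print(flag_xorg_escalation(SAMPLE))
```

Root-started servers and launches without either option are deliberately not flagged, which keeps normal display-manager starts out of the results.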
Via: securepatterns