Debian Security Advisory
DSA-2364-1 xorg -- incorrect permission check
- Date Reported:
- 18 Dec 2011
- Affected Packages:
- Security database references:
- In the Debian bugtracking system: Bug 652249.
In Mitre's CVE dictionary: CVE-2011-4613.
- More information:
The Debian X wrapper enforces that the X server can only be started from a console.
vladzdiscovered that this wrapper could be bypassed.
The oldstable distribution (lenny) is not affected.
For the stable distribution (squeeze), this problem has been fixed in version 7.5+8+squeeze1.
For the unstable distribution (sid), this problem has been fixed in version 1:7.6+10.
We recommend that you upgrade your xorg packages.