<?xml version="1.0" encoding="utf-8"?>
<glsa id="200710-16">
<title>X.Org X server: Composite local privilege escalation</title>
<synopsis>
A vulnerability has been discovered in the Composite extension of the X.Org
X server, allowing for a local privilege escalation.
</synopsis>
<product type="ebuild">X.Org</product>
<announced>October 14, 2007</announced>
<revised>October 14, 2007: 01</revised>
<affected>
<package name="x11-base/xorg-server" auto="yes" arch="*">
<unaffected range="ge"></unaffected>
<vulnerable range="lt"></vulnerable>
</package>
</affected>
<background>
<p>
The X Window System is a graphical windowing system based on a
client/server model.
</p>
</background>
<description>
<p>
Aaron Plattner discovered a buffer overflow in the compNewPixmap()
function when copying data from a large pixel depth pixmap into a
smaller pixel depth pixmap.
</p>
</description>
<impact type="high">
<p>
A local attacker could execute arbitrary code with the privileges of
the user running the X server, typically root.
</p>
</impact>
<workaround>
<p>
Disable the Composite extension by setting 'Option "Composite"
"disable"' in the Extensions section of xorg.conf.
</p>
<p>
Note: This could affect the functionality of some applications.
</p>
</workaround>
<resolution>
<p>
All X.Org X server users should upgrade to the latest version:
</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose &quot;&gt;=x11-base/xorg-server-;</code>
</resolution>
<references>
<uri link="">CVE-2007-4730</uri>
</references>
<metadata tag="requester" timestamp="Tue, 02 Oct 2007 20:35:12 +0000"></metadata>
<metadata tag="bugReady" timestamp="Tue, 02 Oct 2007 20:35:33 +0000"></metadata>
<metadata tag="submitter" timestamp="Mon, 08 Oct 2007 00:30:05 +0000"></metadata>
</glsa>