USN-939-1 -- xorg-server vulnerabilities| ID: oval:org.secpod.oval:def:700161 | Date: (C)2011-01-28 (M)2023-02-20 |
| Class: PATCH | Family: unix |
Loïc Minier discovered that xvfb-run did not correctly keep the X.org session cookie private. A local attacker could gain access to any local sessions started by xvfb-run. Ubuntu 9.10 was not affected. It was discovered that the X.org server did not correctly handle certain calculations. A remote attacker could exploit this to crash the X.org session or possibly run arbitrary code with root privileges
| Platform: |
| Ubuntu 8.04 |
| Ubuntu 9.04 |
| Ubuntu 9.10 |
