Release date:
Updated on: 2012-04-19
Affected Systems:
X.org
Description:
--------------------------------------------------------------------------------
Bugtraq id: 53150
X. Org is the open-source implementation of X Window System by X. Org Foundation.
X. org build missing-D_FORTIFY_SOURCE = 2. When an input device with a malicious name is added, its logging subsystem has a local format string vulnerability. Attackers can exploit this vulnerability to execute arbitrary code.
<* Source: Kees Cook (kees@ubuntu.com)
Link: http://seclists.org/oss-sec/2012/q2/110
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
X.org
-----
Currently, the vendor does not provide patches or upgrade programs. We recommend that users who use the software follow the vendor's homepage to obtain the latest version:
Http://www.x.org/