Chris Adams píše v Čt 01. 11. 2018 v 09:53 -0500: > Once upon a time, Cătălin George Feștilă <catalinfest@xxxxxxxxx> > said: > > Thank you! > > > > On Thu, Nov 1, 2018 at 4:38 PM Reindl Harald < > > h.reindl@xxxxxxxxxxxxx> wrote: > > > > > > > > Am 01.11.18 um 15:33 schrieb Cătălin George Feștilă: > > > > https://www.securepatterns.com/2018/10/cve-2018-14665-xorg-x-server.html > > > > > > https://fedoraproject.org/wiki/Features/RemoveSETUID > > > Targeted release: Fedora 15 > > > > > > ls -la /usr/bin/Xorg > > > -rwxr-xr-x 1 root root 273 2018-04-23 20:16 /usr/bin/Xorg > > That means nothing... that's just a shell script that calls: > > $ ls -l /usr/libexec/Xorg.wrap > -rwsr-xr-x. 1 root root 11376 Apr 12 2018 /usr/libexec/Xorg.wrap > > which is where the problem lies. I think SELinux should help > (because > it should stop writes to lots of things), but I haven't seen a bug or > statement from Fedora about vulnerability. I wonder if Fedora has even been affected. I was not able to reproduce the exploit on Fedora 29 Workstation (with Xorg older than the one fixing the issue). Jiri > > Chris Adams <linux@xxxxxxxxxxx> > _______________________________________________ > devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx > To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx > Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html > List Guidelines: > https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
