The authentication setup in XWayland 1.16.x and 1.17.x before 1.17.2 starts the server in non-authenticating mode, which allows local users to read from or send information to arbitrary X11 clients via vectors involving a UNIX socket.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Opensuse | Opensuse | 13.2 (including) | 13.2 (including) |
| Xorg-server | Ubuntu | utopic | * |
| Xorg-server | Ubuntu | vivid | * |
| Xorg-server | Ubuntu | vivid/stable-phone-overlay | * |
| Xorg-server | Ubuntu | wily | * |
| Xorg-server-lts-quantal | Ubuntu | precise | * |
| Xorg-server-lts-raring | Ubuntu | precise | * |
| Xorg-server-lts-saucy | Ubuntu | precise | * |
| Xorg-server-lts-utopic | Ubuntu | trusty | * |
| Xorg-server-lts-utopic | Ubuntu | upstream | * |
| Xorg-server-lts-vivid | Ubuntu | trusty | * |
References
- http://lists.freedesktop.org/archives/wayland-devel/2015-June/022548.html
- http://lists.opensuse.org/opensuse-updates/2015-06/msg00044.html
- http://www.securityfocus.com/bid/75535
- https://security.gentoo.org/glsa/201701-64
- http://lists.freedesktop.org/archives/wayland-devel/2015-June/022548.html
- http://lists.opensuse.org/opensuse-updates/2015-06/msg00044.html
- http://www.securityfocus.com/bid/75535
- https://security.gentoo.org/glsa/201701-64