* CVE-2018-14665 https://lists.x.org/archives/xorg-announce/2018-October/002928.html xorg-server 1.20.3 announced: "Fixes CVE-2018-14665 (local file overwrite bugs), and a trivial fix in fbdevhw initialization."
Oops, pasted wrong source url. Here's the advisory: * Advisory: https://lists.x.org/archives/xorg-announce/2018-October/002927.html Incorrect command-line parameter validation in the Xorg X server can lead to privilege elevation and/or arbitrary files overwrite, when the X server is running with elevated privileges (ie when Xorg is installed with the setuid bit set and started by a non-root user). The -modulepath argument can be used to specify an insecure path to modules that are going to be loaded in the X server, allowing to execute unprivileged code in the privileged process. The -logfile argument can be used to overwrite arbitrary files in the file system, due to incorrect checks in the parsing of the option. This issue has been assigned CVE-2018-14665. * Patch: https://gitlab.freedesktop.org/xorg/xserver/commit/50c0cf885a6e91c0ea71fb49fa8f1b7c86fe330e -- Gentoo Security Scout Vladimir Krstulja
*** This bug has been marked as a duplicate of bug 669588 ***
Freeing alias.