GLSA-200710-16 : X.Org X server: Composite local privilege escalation
Medium Nessus Plugin ID 27051
Synopsis
The remote Gentoo host is missing one or more security-related patches.
Description
The remote host is affected by the vulnerability described in GLSA-200710-16 (X.Org X server: Composite local privilege escalation).
Aaron Plattner discovered a buffer overflow in the compNewPixmap() function when copying data from a large pixel depth pixmap into a smaller pixel depth pixmap.
A local attacker could execute arbitrary code with the privileges of the user running the X server, typically root.
Disable the Composite extension by setting 'Option "Composite" "disable"' in the Extensions section of xorg.conf.
Note: This could affect the functionality of some applications.
Solution
All X.Org X server users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=x11-base/xorg-server-126.96.36.199-r1'