Subject: [Security Fix] Xorg Local privilege escalation
To: None <current-users@NetBSD.org>
From: Adrian Portelli <adrianp@NetBSD.org>
Date: 03/28/2006 23:19:31
-----BEGIN PGP SIGNED MESSAGE-----
On the 15th March 2006 Xorg 7.0 modular was imported into xsrc/. On the
20th March 2006 the NetBSD Security Officer team became aware of a
security issue in the version imported into xsrc.
The original advisory for this issue can be found at:
The relevant CVE entry is CVE-2006-0745.
This vulnerability does not exist in the NetBSD 1.x, 2.x, or 3.x code
bases. However, NetBSD-current was found to be vulnerable to this issue.
This issue was fixed in the NetBSD CVS tree on the 23rd of March 2006.
Users currently running NetBSD-current are advised to update the
This will update Xorg server to release 1.0.2 which resolves the known
To update from CVS:
# cd xsrc
# cvs update -d -P xorg/xserver/xorg
Michael Lorenz for the fixes in NetBSD-current.
On behalf of security-officer@,
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v126.96.36.199 (MingW32)
-----END PGP SIGNATURE-----