Hi all,

I see that the updated package for this is coming soon (it's in
https://urldefense.proofpoint.com/v2/url?u=ftp-3A__ftp.scientificlinux.org_linux_scientific_7rolling_testing_x86-5F64_&d=DwIBAg&c=gRgGjJ3BkIsb5y6s49QqsA&r=gd8BzeSQcySVxr0gDWSEbN-P-pgDXkdyCtaMqdCgPPdW1cyL5RIpaIYrCn8C5x2A&m=b1EjH22FCE8r-fcoGl-SLxt9G0XIS4rPsQL8UKqnbc4&s=D-LfxoLpNCvS3D0YNQ9y0uE2wqeKSHFSMKBMMgol5Vk&e=),
but just in the meantime to flag this for anyone (like me) who didn't grasp
the significance of this Xorg bug:

There's a one-liner local privilege escalation to root if a user has
console access:

https://urldefense.proofpoint.com/v2/url?u=https-3A__www.theregister.co.uk_2018_10_25_x-5Forg-5Fserver-5Fvulnerability_&d=DwIBAg&c=gRgGjJ3BkIsb5y6s49QqsA&r=gd8BzeSQcySVxr0gDWSEbN-P-pgDXkdyCtaMqdCgPPdW1cyL5RIpaIYrCn8C5x2A&m=b1EjH22FCE8r-fcoGl-SLxt9G0XIS4rPsQL8UKqnbc4&s=YhZx_CQ_EVk7_uu90rDNmATTbt5wwTZVni7u8SWO2W8&e=

See these for the background (it's not just RedHat-based systems):

https://urldefense.proofpoint.com/v2/url?u=https-3A__cve.mitre.org_cgi-2Dbin_cvename.cgi-3Fname-3DCVE-2D2018-2D14665&d=DwIBAg&c=gRgGjJ3BkIsb5y6s49QqsA&r=gd8BzeSQcySVxr0gDWSEbN-P-pgDXkdyCtaMqdCgPPdW1cyL5RIpaIYrCn8C5x2A&m=b1EjH22FCE8r-fcoGl-SLxt9G0XIS4rPsQL8UKqnbc4&s=aJ1jCxRTlnZWPI5JHHeYCLHuV4pULZSN98QsRZg889w&e=
https://urldefense.proofpoint.com/v2/url?u=https-3A__bugzilla.redhat.com_show-5Fbug.cgi-3Fid-3DCVE-2D2018-2D14665&d=DwIBAg&c=gRgGjJ3BkIsb5y6s49QqsA&r=gd8BzeSQcySVxr0gDWSEbN-P-pgDXkdyCtaMqdCgPPdW1cyL5RIpaIYrCn8C5x2A&m=b1EjH22FCE8r-fcoGl-SLxt9G0XIS4rPsQL8UKqnbc4&s=RewEdGJv681_o50C5TFx5LKkPkFo0lbIW2QxjSHERQA&e=

The interim fix is to remove the setuid bit from /usr/bin/Xorg. I've tested
this on some of our systems and it doesn't seem to break things.

Paddy

-- 
Paddy Doyle
Trinity Centre for High Performance Computing,
Lloyd Building, Trinity College Dublin, Dublin 2, Ireland.
Phone: +353-1-896-3725
https://urldefense.proofpoint.com/v2/url?u=http-3A__www.tchpc.tcd.ie_&d=DwIBAg&c=gRgGjJ3BkIsb5y6s49QqsA&r=gd8BzeSQcySVxr0gDWSEbN-P-pgDXkdyCtaMqdCgPPdW1cyL5RIpaIYrCn8C5x2A&m=b1EjH22FCE8r-fcoGl-SLxt9G0XIS4rPsQL8UKqnbc4&s=5_6mb8JwWYdcL_-ECtNgn3-_RWn424jKeE8mLmYK8rs&e=