Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2011-4613

Published: 15 December 2011

The X.Org X wrapper (xserver-wrapper.c) in Debian GNU/Linux and Ubuntu Linux does not properly verify the TTY of a user who is starting X, which allows local users to bypass intended access restrictions by associating stdin with a file that is misinterpreted as the console TTY.

Notes

AuthorNote
jdstrand 
requires pty access. In combination with CVE-2011-4029 this becomes
more important, but that CVE is fixed in Ubuntu.
mdeslaur 
Debian fixed this by dropping support for alternate TTY devices,
which we need for upstart support. See changelog for
(1:7.4~2ubuntu2) and (1:7.4~4).

Priority

Medium

Status

Package Release Status
xorg
Launchpad, Ubuntu, Debian 		hardy Ignored
(end of life)
lucid
Released (1:7.5+5ubuntu1.1)
maverick
Released (1:7.5+6ubuntu3.1)
natty
Released (1:7.6+4ubuntu3.2)
oneiric
Released (1:7.6+7ubuntu7.1)
upstream
Released (1:7.6+10)

References

Bugs

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

Further reading