BSDSec

deadsimple BSD Security Advisories and Announcements

OpenBSD Errata: October 25th, 2018 (xserver)

Errata patches for Xorg have been released for OpenBSD 6.3 and 6.4.

The Xorg X server incorrectly validates certain options, allowing arbitrary
files to be overwritten.

Binary updates for the amd64, i386, and arm64 platforms are available
via the syspatch utility. Source code patches can be found on the
respective errata pages:

  https://www.openbsd.org/errata63.html
  https://www.openbsd.org/errata64.html

If the X server is running, restart it after patching.

As an immediate (temporary) workaround, the Xorg binary's setuid bit can be
removed by running: chmod u-s /usr/X11R6/bin/Xorg
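
An added example, not part of the OpenBSD advisory: a POSIX sh check that reports whether the setuid bit is still set on the Xorg binary and applies the workaround above with verification. The function names setuid_state and drop_setuid are hypothetical; the default path is the one given in the advisory.

```shell
#!/bin/sh
# Added example: audit and apply the advisory's temporary workaround.
# Function names are illustrative; only the path comes from the advisory.

XORG_BIN_DEFAULT=/usr/X11R6/bin/Xorg

# Print one of: missing | symlink | setuid-root | setuid-other | clear
setuid_state() {
    f=$1
    # Check for a symlink first, because -f and -u follow links.
    if [ -L "$f" ]; then echo symlink; return 0; fi
    if [ ! -f "$f" ]; then echo missing; return 0; fi
    if [ -u "$f" ]; then
        # POSIX `ls -n` prints the numeric owner uid in field 3.
        uid=$(ls -ldn -- "$f" | awk '{print $3}')
        if [ "$uid" = 0 ]; then echo setuid-root; else echo setuid-other; fi
    else
        echo clear
    fi
}

# Apply the workaround (chmod u-s) and confirm it took effect.
# Returns 0 when the bit is clear afterwards, 1 otherwise.
drop_setuid() {
    f=$1
    case $(setuid_state "$f") in
        clear) return 0 ;;
        setuid-root|setuid-other)
            chmod u-s "$f" || return 1
            [ "$(setuid_state "$f")" = clear ] ;;
        *) return 1 ;;   # missing or symlink: refuse to touch it
    esac
}

# Read-only audit of the path named in the advisory.
echo "$XORG_BIN_DEFAULT: $(setuid_state "$XORG_BIN_DEFAULT")"
```

Run drop_setuid /usr/X11R6/bin/Xorg as root to apply the workaround; a result of clear from setuid_state confirms the bit is gone.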