remote code execution in xorg-x11

2011-04-13T13:39:33
ID SUSE-SA:2011:016
Type suse
Reporter Suse
Modified 2011-04-13T13:39:33

Description

The xrdb helper program of the xorg-x11 package passes untrusted input such as hostnames retrieved via DHCP or client hostnames of XDMCP sessions to popen() without sanitization. Therefore, remote attackers could execute arbitrary commands as root by assigning specially crafted hostnames to X11 servers or to XDMCP clients. CVE-2011-0465 has been assigned to this issue.

Solution

There is no known workaround, please install the update packages.