X.Org is an open source implementation of the X Window System. It providesthe basic low-level functionality that full-fledged graphical userinterfaces are designed upon.A flaw was found in the X.Org X server resource database utility, xrdb.Certain variables were not properly sanitized during the launch of a user'sgraphical session, which could possibly allow a remote attacker to executearbitrary code with root privileges, if they were able to make the displaymanager execute xrdb with a specially-crafted X client hostname. Forexample, by configuring the hostname on the target system via a craftedDHCP reply, or by using the X Display Manager Control Protocol (XDMCP) toconnect to that system from a host that has a special DNS name.(CVE-2011-0465)Red Hat would like to thank Matthieu Herrb for reporting this issue.Upstream acknowledges Sebastian Krahmer of the SuSE Security Team as theoriginal reporter.Users of xorg-x11 should upgrade to these updated packages, which contain abackported patch to resolve this issue. All running X.Org server instancesmust be restarted for this update to take effect.