CVE-2015-3164 Information

Description

The authentication setup in XWayland 1.16.x and 1.17.x before 1.17.2 starts the server in non-authenticating mode which allows local users to read from or send information to arbitrary X11 clients via vectors involving a UNIX socket.

Reference

http://lists.freedesktop.org/archives/wayland-devel/2015-June/022548.html http://lists.opensuse.org/opensuse-updates/2015-06/msg00044.html http://www.securityfocus.com/bid/75535 https://security.gentoo.org/glsa/201701-64