ASA-2018-00003 – Xorg: Incorrect command-line parameter validation

Xorg version 1.19.0 and later incorrectly allows the user to specify insecure parameter when running as privileged user. The option -logfile allows the user to overwrite arbitrary files on the system and the option -modulepath allows the user to load arbitrary modules. There's also a format string vulnerability in the option -logfile. Both options when exploited by an attacker allows privilege escalation and information leakage.