The Xaw library contains a flaw that may allow a local malicious user to overflow a buffer associated with the inputMethod and preeditType resources. The issue is triggered when a specially crafted string containing machine code is used to set a specific resource in any application utilizing the Xaw library. It is possible that the flaw may allow the user to gain root privileges by spawning a setuid-root shell, resulting in a loss of integrity.
Upgrade X11 to version X11R6.5 or higher, and upgrade XFree86 to version 3.3.2 patch 1 or higher, as these versions have been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workaround.
Remove the setuid root bit from any application utilizing the Xaw library:
chmod 0755 /path/to/application
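To apply the workaround, the setuid-root programs that use Xaw have to be located first. The script below is an added example, not part of the original advisory: the function names and the optional OWNER argument are hypothetical, and it assumes a dynamically linked program contains the string "libXaw.so" (statically linked copies of Xaw are not detected).

```shell
#!/bin/sh
# Added example: list setuid executables under a directory that reference the
# Xaw shared library, then optionally apply the advisory's workaround.
# Assumption: a dynamically linked program carries the string "libXaw.so";
# programs with Xaw linked in statically are NOT found by this heuristic.
# Paths containing newlines are not handled.

# xaw_setuid_audit DIR [OWNER]
# Prints one matching path per line. OWNER (name or numeric uid) defaults to
# root, which selects setuid-root programs.
xaw_setuid_audit() {
    dir=$1
    owner=${2:-root}
    # -perm -4000 selects files with the setuid bit set;
    # -xdev keeps the search on a single filesystem.
    find "$dir" -xdev -type f -user "$owner" -perm -4000 2>/dev/null |
    while IFS= read -r f; do
        # Search the file's bytes instead of running ldd, which may execute
        # code from the binary being inspected.
        if LC_ALL=C grep -q 'libXaw\.so' "$f" 2>/dev/null; then
            printf '%s\n' "$f"
        fi
    done
}

# xaw_apply_workaround DIR [OWNER]
# Applies the advisory's workaround (chmod 0755) to every match and reports
# each file that was changed.
xaw_apply_workaround() {
    xaw_setuid_audit "$1" "${2:-root}" |
    while IFS= read -r f; do
        chmod 0755 "$f" && printf 'setuid bit removed: %s\n' "$f"
    done
}

# Typical use: review the list first, then apply the change.
#   xaw_setuid_audit /usr
#   xaw_apply_workaround /usr
```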