An X.Org security advisory

It turn out that the X.org server, versions 1.19.0 and after, contain an
easily exploitable privilege escalation vulnerability. Anybody who is
running a system that has X installed setuid root, and which has untrusted
users on it, will want to install the update. 'X.Org recommends the
use of a display manager to start X sessions, which does not require Xorg
to be installed setuid.'