(CVE-2015-3164) Due to an omission in authentication setup, the XWayland server would start up in non-authenticating mode, meaning that any client with access to the server’s UNIX socket was able to connect to the server and use it as a regular client. http://lists.freedesktop.org/archives/wayland-devel/2015-June/022548.html