Results 1 to 10 of 18

Thread: More X.Org Security Vulnerabilities Published, Date Back To X11R5

Hybrid View

  1. #1
    Join Date
    Jan 2007
    Posts
    14,809

    Default More X.Org Security Vulnerabilities Published, Date Back To X11R5

    Phoronix: More X.Org Security Vulnerabilities Published, Date Back To X11R5

    There's been several high profile open-source security bugs uncovered recently from the well known OpenSSL heartbleed bug to an issue with the Linux kernel. Unfortunately, there's more to report today, but this time in the space of X.Org with multiple security issues that have been present going back to X11R5, which was released in 1991...

    http://www.phoronix.com/vr.php?view=MTY4OTA

  2. #2
    Join Date
    Feb 2008
    Location
    Linuxland
    Posts
    5,103

    Default

    Good thing everybody (read: only specialized thin client setups) runs the font server.

  3. #3
    Join Date
    Sep 2007
    Posts
    313

    Default

    I used to run a ttf font server maybe 10 years ago to allow legacy apps to use ttf fonts... This bug should be fixed, of course, however is not as severe as the title and the abstract suggest.

  4. #4
    Join Date
    May 2014
    Posts
    14

    Default

    Yes, it has some vulnerabilities, but Wayland/Weston no? are perfect? LOL... Wayland and Weston will have more and dangerous bugs

  5. #5
    Join Date
    Sep 2007
    Posts
    313

    Default

    Quote Originally Posted by philipmorris View Post
    Yes, it has some vulnerabilities, but Wayland/Weston no? are perfect? LOL... Wayland and Weston will have more and dangerous bugs
    You're funny!

  6. #6
    Join Date
    Oct 2010
    Posts
    436

    Default

    Quote Originally Posted by philipmorris View Post
    Yes, it has some vulnerabilities, but Wayland/Weston no? are perfect? LOL... Wayland and Weston will have more and dangerous bugs
    Wayland is an API; if it has any bugs, it'll cause interoperability, portability, or compatibility problems--security problems, not so much.

    Weston (and other Wayland implementations) will have bugs, but most software does. If you had security problems with Gnome, you still will, but with Wayland you won't have to worry about that other process (the X server) being a potential attack vector.

  7. #7
    Join Date
    Feb 2011
    Posts
    1,127

    Default

    Quote Originally Posted by philipmorris View Post
    Wayland and Weston will have more and dangerous bugs
    And you conclude this based on...what, exactly?

  8. #8
    Join Date
    May 2011
    Posts
    1,498

    Default

    X.org: even its bugs are amazing.

  9. #9
    Join Date
    May 2014
    Posts
    14

    Default

    Quote Originally Posted by TheBlackCat View Post
    And you conclude this based on...what, exactly?
    First because is developed for be used primarily in smartphones and second because is developed in a race against canonical. And i know Wayland development begun before but righ now is a race
    Last edited by philipmorris; 05-13-2014 at 02:05 PM. Reason: primarily

  10. #10
    Join Date
    Sep 2011
    Posts
    260

    Default

    Quote Originally Posted by philipmorris View Post
    Yes, it has some vulnerabilities, but Wayland/Weston no? are perfect? LOL... Wayland and Weston will have more and dangerous bugs
    Is any sw of much more complexity than "hello world" perfect? No.. Is weston vastly more simple/straightforward than X11? Yes. Is that a good thing from a software security standpoint? Yes. Was wayland developed in an era where security/threat model was very differnt than today? No. Was X11? Yes.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •