Articles & Reviews
News Archive
Forums
Premium
Contact
Categories

Computers Display Drivers Graphics Cards Linux Gaming Memory Motherboards Processors Software Storage Operating Systems Peripherals

X.Org Server & XWayland Hit By Four More Security Issues

Written by Michael Larabel in X.Org on 3 April 2024 at 02:56 PM EDT. 151 Comments

X.ORG

Last year the X.Org Server disabled byte-swapped clients by default over being a large and known attack surface within the X.Org/XWayland codebase. That's proven itself to further be the case with 3 of 4 new CVEs made public today being around the byte-swapped code.

The byte-swapped client support is around X.Org/XWayland clients of different CPU endianess to be able to connect to the X.Org Server. Different CPU endianess isn't to common these days and the byte-swapped client support was safely disabled last year without much fuss. Three CVEs made public today involve heap buffer over-read/data leakage within ProcXIGetSelectedEvents, ProcXIPassiveGrabDevice, ProcAppleDRICreatePixmap and due to the byte-swapped handling.

A former X.Org logo attempt posted in the forums.

The fourth issue raised today is a user-after-free within ProcRenderAddGlyphs.

XWayland 23.2.5 and X.Org Server 21.1.12 are published today for fixing these latest four security issues. Details within today's security advisory.

151 Comments

Related News

xconsole 1.1 Released - Preparing For Post-Y2038 Support, 18 Years After v1.0

X.Org Server Change Allows GLAMOR To Fallback To Software Rendering For Obsolete GPUs

Explicit GPU Synchronization Merged For XWayland

The X.Org Foundation Needs More Candidates To Hold An Election

X.Org Server Clears Out Remnants For Supporting Old Compilers

X.Org Server & XWayland Updated Due To Another Six Security Vulnerabilities

About The Author

Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week

Fedora Linux 40 Available For Download As A Wonderful Upgrade

AMD: "Additional Parts Of The Radeon Stack To Be Open Sourced Throughout The Year"

Systemd 256-rc1 Brings A Huge Number Of New Features

NVIDIA Developer Opens Feature Pull Request For Open-Source NVK Driver

Microsoft Open-Sources MS-DOS 4.0 Under MIT License

Ubuntu 24.04 LTS Downloads Now Available

GNU Portability Library's Tool Rewritten In Python For 8~100x Better Performance

Niri 0.1.5 Scrollable-Tiling Wayland Compositor Adds New Animations