Announcement

Collapse
No announcement yet.

X.Org Server 1.16.3 Released To Fix Security Issues

Collapse
X
Collapse
 
  • Page of 1
  • Filter
  • Time
  • Show
Clear All
new posts
Previous template Next
  • #1

    X.Org Server 1.16.3 Released To Fix Security Issues

    Phoronix: X.Org Server 1.16.3 Released To Fix Security Issues

    Made public earlier this month was a huge batch of X.Org Server security vulnerabilities with some of the issues dating back to the late 1980s. Now X.Org Server 1.16.3 is available to address these problems...

    X.Org Server 1.16.3 Released To Fix Security Issues - Phoronix
    http://www.phoronix.com/vr.php?view=MTg2OTc
    Phoronix, Linux Hardware Reviews, Linux hardware benchmarks, Linux server benchmarks, Linux benchmarking, Desktop Linux, Linux performance, Open Source graphics, Linux How To, Ubuntu benchmarks, Ubuntu hardware, Phoronix Test Suite
    Tags: None
  • #2
    Security mess

    X.Org is a security mess.

    X.Org and OpenSSL, the worst!

    Comment

    • #3
      Originally posted by uid313 View Post
      X.Org is a security mess.

      X.Org and OpenSSL, the worst!
      It's not nearly as bad as a web browser. At least 3 remote code execution vulnerabilities every 6 weeks here, and usually a lot more:

      Security Advisories for Firefox
      https://www.mozilla.org/en-GB/security/known-vulnerabilities/firefox/


      Plenty of security relevant fixes aren't listed there at all...

      Comment

      • #4
        X.org supports running as non-root now, which makes most of these vulnerabilities unremarkable. Any application with an X11 handle can grab all input events and view / manipulate all of the other windows... so there's little that can be done to provide meaningful security within an instance of it. Wayland makes it feasible to sandbox graphical applications (containers, MAC) without internal multi-processing / sandboxing.

        Comment

        • #5
          So what is the difference between 1.16.2.901 and 1.16.3? Does .3 offer more security fixes?

          Anyway, Arch has updates to 1.16.3 already.

          Comment

          • #6
            Originally posted by Xaero_Vincent View Post
            So what is the difference between 1.16.2.901 and 1.16.3?
            According to the git log, no difference beyond the version number.

            Comment

            • #7
              Originally posted by Xaero_Vincent View Post
              So what is the difference between 1.16.2.901 and 1.16.3? Does .3 offer more security fixes?

              Anyway, Arch has updates to 1.16.3 already.
              .901 will usually indicate a release candidate. The .3 is the final release, which had no changes.

              Comment

              • #8
                Originally posted by uid313 View Post
                X.Org is a security mess.

                X.Org and OpenSSL, the worst!
                OpenSSL made some horrible design choices, such as replacing parts of libstd just because they wanted to support super-obscure platforms.

                Xorg... Xorg got writen in the 80's and has had to maintain backwards compatibility since then. Let's see ANY project keep 30yrs of cruft hanging around without being a security nightmare.
                All opinions are my own not those of my employer if you know who they are.

                Comment

                • #9
                  Originally posted by Xaero_Vincent View Post
                  So what is the difference between 1.16.2.901 and 1.16.3? Does .3 offer more security fixes?

                  Anyway, Arch has updates to 1.16.3 already.
                  Difference is Debian's just in case - usual 10 day waiting period, even if nothing changes like in this case and all looks like stable it is just "looks like", so you need to wait a little (usually 10 day) for more eyes to approve that claim .

                  Comment

                  Previous template Next
                  Working...
                  X