X.Org Server 1.17.1 Released To Fix Yet Another X Security Vulnerability

  • X.Org Server 1.17.1 Released To Fix Yet Another X Security Vulnerability

    Phoronix: X.Org Server 1.17.1 Released To Fix Yet Another X Security Vulnerability

    Keith Packard announced the release of X.Org Server 1.17.1 today to fix another new X11 Server security vulnerability...

    http://www.phoronix.com/scan.php?pag....17.1-Released

  • #2
    Just look at how amazing X.Org is: you can do network-transparent buffer overflows.



    • #3
      Originally posted by phoronix
      Phoronix: X.Org Server 1.17.1 Released To Fix Yet Another X Security Vulnerability

      Keith Packard announced the release of X.Org Server 1.17.1 today to fix another new X11 Server security vulnerability...

      http://www.phoronix.com/scan.php?pag....17.1-Released
      Ouch. Sounds like the same mistake made with Heartbleed.



      • #4
        From the article:
        News of another security vulnerability isn't a huge surprise as the X11 Server has been home to many security issues dating back many years and there's many issues to find.
        Let's be honest, one could replace the words "the X11 Server" with the words "software written by humans" here. (And I wouldn't want to let generated code off too lightly either.)



        • #5
          Oh noes, if I run untrusted software said untrusted software could hurt me.



          • #6
            Originally posted by curaga
            Oh noes, if I run untrusted software said untrusted software could hurt me.
            Oh look, someone can use a guest account to pwn your system without you ever realizing.

            As long as we are using X, Linux desktops will remain worse security-wise than Mac OS or even Windows...



            • #7
              Originally posted by BlackStar
              Oh look, someone can use a guest account to pwn your system without you ever realizing.

              As long as we are using X, Linux desktops will remain worse security-wise than Mac OS or even Windows...
              No.

              It's just that with OSS these vulnerabilities are easier to find and are fixed out in the open.

              This exploit is restricted to local software running on a local XServer; malicious software running in that local system could easily just dump /dev/mem and read the exact same data. And the same can be achieved in Windows or OSX.

              The main problem that Xorg has is that it is a huge software project with a lot of code that is over 20 years old.



              • #8
                Originally posted by johnc
                Just look at how amazing X.Org is: you can do network-transparent buffer overflows.
                Comment of the year! XD
                ## VGA ##
                AMD: X1950XTX, HD3870, HD5870
                Intel: GMA45, HD3000 (Core i5 2500K)



                • #9
                  Originally posted by BlackStar
                  As long as we are using X, Linux desktops will remain worse security-wise than Mac OS or even Windows...
                  Yeah, sure... http://arstechnica.com/security/2015...ns-of-windows/



                  • #10
                    Originally posted by curaga
                    Oh noes, if I run untrusted software said untrusted software could hurt me.
                    Yep. That is a problem, and a real-world one where people don't limit themselves to just a few repositories.

                    Also the X model makes it trivial to write keyboard loggers and snoop around. The best way to deal with that is sandboxing, which will limit any damage that said untrusted applications can do, and use Wayland.

                    https://github.com/alexlarsson/xdg-app looks promising

