X.Org Server 1.17.1 Released To Fix Yet Another X Security Vulnerability


  • JS987
    replied
    Originally posted by michael-vb
    Let's be honest, one could replace the words "the X11 Server" with the words "software written by humans" here. (And I wouldn't want to let generated code off too lightly either.)
    more exactly: software written in programming languages which allow buffer overflows like C


  • RahulSundaram
    replied
    Originally posted by curaga
    Oh noes, if I run untrusted software said untrusted software could hurt me.
    Yep. That is a problem and a real world one where people don't limit themselves to just a few repositories.

    Also the X model makes it trivial to write keyboard loggers and snoop around. The best way to deal with that is sandboxing which will limit any damage that said untrusted applications can do and use Wayland.

    https://github.com/alexlarsson/xdg-app looks promising


  • halo9en
    replied
    Originally posted by BlackStar
    As long as we are using X, Linux desktops will remain worse security-wise than Mac OS or even Windows...
    Yeah, sure... http://arstechnica.com/security/2015...ns-of-windows/


  • darkbasic
    replied
    Originally posted by johnc
    Just look at how amazing X.Org is: you can do network-transparent buffer overflows.
    Comment of the year! XD


  • danwood76
    replied
    Originally posted by BlackStar
    Oh look, someone can use a guest account to pwn your system without you ever realizing.

    As long as we are using X, Linux desktops will remain worse security-wise than Mac OS or even Windows...
    No.

    It's just that with OSS these vulnerabilities are easier to find and are fixed out in the open.

    This exploit is restricted to local software running on a local XServer; with malicious software running in that local system you could easily just dump /dev/mem and read the exact same data. And the same can be achieved in Windows or OSX.

    The main problem that Xorg has is that it is a huge software project with a lot of code that is over 20 years old.


  • BlackStar
    replied
    Originally posted by curaga
    Oh noes, if I run untrusted software said untrusted software could hurt me.
    Oh look, someone can use a guest account to pwn your system without you ever realizing.

    As long as we are using X, Linux desktops will remain worse security-wise than Mac OS or even Windows...


  • curaga
    replied
    Oh noes, if I run untrusted software said untrusted software could hurt me.


  • michael-vb
    replied
    From the article:
    News of another security vulnerability isn't a huge surprise as the X11 Server has been home to many security issues dating back many years and there's many issues to find.
    Let's be honest, one could replace the words "the X11 Server" with the words "software written by humans" here. (And I wouldn't want to let generated code off too lightly either.)


  • Guest
    Guest replied
    Originally posted by phoronix
    Phoronix: X.Org Server 1.17.1 Released To Fix Yet Another X Security Vulnerability

    Keith Packard announced the release of X.Org Server 1.17.1 today to fix another new X11 Server security vulnerability...

    http://www.phoronix.com/scan.php?pag....17.1-Released
    Ouch. Sounds like the same mistake made with Heartbleed.


  • johnc
    replied
    Just look at how amazing X.Org is: you can do network-transparent buffer overflows.
