Two More X.Org Server Security Advisories Issued - Possible Privilege Escalation
Trend Micro's Zero Day Initiative has uncovered two more security issues with the aging X.Org Server, which as we roll into 2021 still powers most Linux desktops.
The security researchers found multiple input validation failures in the X.Org Server's XKB keyboard extension. The insufficient checks could lead to out-of-bounds memory accesses or buffer overflows.
Details on the two CVEs can be found via xorg-announce.
The fixes have landed in X.Org Server Git while an X.Org Server 1.20.10 point release is expected in the near future. There's still no word or planning around any X.Org Server 1.21 feature release.
Given the age of the massive codebase, security vulnerabilities continue to be uncovered in this still widely used component of the Linux desktop stack. For years, security researchers have characterized X.Org security as even worse than it looks, and there is seemingly no shortage of issues still persisting.