Two More X.Org Server Security Advisories Issued - Possible Privilege Escalation

Written by Michael Larabel in X.Org on 1 December 2020 at 10:57 AM EST. 29 Comments
X.ORG
Trend Micro's Zero Day Initiative has uncovered two more security issues with the aging X.Org Server that as we roll into 2021 is still powering most of the Linux desktops.

The security researchers found multiple input validation failures with the X.Org Server's XKB keyboard extension. Insufficient checks on different checks could lead to out-of-bounds memory accesses or buffer overflows.

Details on the two CVEs can be found via xorg-announce.

The fixes have landed in X.Org Server Git while an X.Org Server 1.20.10 point release is expected in the near future. There's still no word or planning around any X.Org Server 1.21 feature release.

Given the age of the massive codebase, security vulnerabilities continue to be uncovered in this still widely used component to the Linux desktop stack. For years already security researchers have characterized the X.Org security as even worse than it looks and seemingly no shortage of issues still persisting.
Related News
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week