X.Org Hit By New Round Of Security Issues, Multiple Libraries Affected
Back in 2013 we heard how X.Org security is worse than it looks and how for a period there were many X.Org security issues. It's been a while since last seeing a number of X.Org security vulnerabilities come about at once, but that's changed with this morning's disclosure.
Courtest of OpenBSD developers, they have uncovered protocol handling issues in X Window System client libraries. This is on top of the earlier X.Org security disclosures.
Matthieu Herrb explained, "Most of these issues stem from the client libraries trusting the server to send correct protocol data, and not verifying that the values will not overflow or cause other damage. Most of the time X clients & servers are run by the same user, with the server more privileged than the clients, so this is not a problem, but there are scenarios in which a privileged client can be connected to an unprivileged server, for instance, connecting a setuid X client (such as a screen lock program) to a virtual X server (such as Xvfb or Xephyr) which the user has modified to return invalid data, potentially allowing the user to escalate their privileges."
Libraries found to be affected by this latest round of X.Org security issues include libX11, libXfixes, libXi, libXrandr, libXrender, XRecord, libXv, and libXvMC... Pretty much all of the core X.Org libraries you'll want to be updating. Fixes are available to address the range of poor validation of data from the X.Org Server; the changes are in Git while new releases of these key libraries will be available shortly.
Courtest of OpenBSD developers, they have uncovered protocol handling issues in X Window System client libraries. This is on top of the earlier X.Org security disclosures.
Matthieu Herrb explained, "Most of these issues stem from the client libraries trusting the server to send correct protocol data, and not verifying that the values will not overflow or cause other damage. Most of the time X clients & servers are run by the same user, with the server more privileged than the clients, so this is not a problem, but there are scenarios in which a privileged client can be connected to an unprivileged server, for instance, connecting a setuid X client (such as a screen lock program) to a virtual X server (such as Xvfb or Xephyr) which the user has modified to return invalid data, potentially allowing the user to escalate their privileges."
Libraries found to be affected by this latest round of X.Org security issues include libX11, libXfixes, libXi, libXrandr, libXrender, XRecord, libXv, and libXvMC... Pretty much all of the core X.Org libraries you'll want to be updating. Fixes are available to address the range of poor validation of data from the X.Org Server; the changes are in Git while new releases of these key libraries will be available shortly.
5 Comments