Articles & Reviews
News Archive
Forums
Premium
Contact
Categories

Computers Display Drivers Graphics Cards Linux Gaming Memory Motherboards Processors Software Storage Operating Systems Peripherals

XWayland & X.Org Server See New Releases Due To Three More Security Vulnerabilities

Written by Michael Larabel in X.Org on 25 October 2023 at 06:35 AM EDT. 45 Comments

X.ORG

The X.Org Server and XWayland saw new point releases today as a result of three more security vulnerabilities being disclosed.

October began with new X.Org security vulnerabilities, two of which dated back to the year 1988. Now as we approach the end of October, three more vulnerabilities have been made public.

CVE-2023-5367 is an out-of-bounds write within the XIChangeDeviceProperty/RRChangeOutputProperty where memcpy() can end up writing into memory outside of the heap-allocated array. CVE-2023-5380 is for a use-after-free within DestroyWindow. The latter vulnerability only affects multi-monitor "Zaphod" mode setups. The third is CVE-2023-5574 and is another use-after-free bug, this time within DamageDestroy and also affecting multi-head Zaphod mode setups.

X.Org Server 21.1.9 and XWayland 23.2.2 were released today with the X.Org patches to address these out-of-bounds and use-after-free errors. These three CVEs come as a result of the Trend Micro Zero Day Initiative where they have also uncovered many other X.Org vulnerabilities over prior years.

More details on today's updates via this X.Org Security Advisory.

45 Comments

Related News

X.Org Server Change Allows GLAMOR To Fallback To Software Rendering For Obsolete GPUs

Explicit GPU Synchronization Merged For XWayland

X.Org Server & XWayland Hit By Four More Security Issues

The X.Org Foundation Needs More Candidates To Hold An Election

X.Org Server Clears Out Remnants For Supporting Old Compilers

X.Org Server & XWayland Updated Due To Another Six Security Vulnerabilities

About The Author

Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week

Fedora Linux 40 Available For Download As A Wonderful Upgrade

AMD: "Additional Parts Of The Radeon Stack To Be Open Sourced Throughout The Year"

Mozilla Finally Begins Offering Firefox ARM64 Linux Binaries

Linux 6.10 Preps A Kernel Panic Screen - Sort Of A "Blue Screen of Death"

GNU Portability Library's Tool Rewritten In Python For 8~100x Better Performance

Godot's Vulkan Backend Seeing Better Performance, 10~20% Reduction In Frame Times

GNOME Working To Make Key Rack A Viable Password Manager, Better Printing For Flatpaks

Niri 0.1.5 Scrollable-Tiling Wayland Compositor Adds New Animations