Articles & Reviews
News Archive
Forums
Premium
Contact
Categories

Computers Display Drivers Graphics Cards Linux Gaming Memory Motherboards Processors Software Storage Operating Systems Peripherals

X.Org Server & XWayland Hit By Four More Security Issues

Written by Michael Larabel in X.Org on 3 April 2024 at 02:56 PM EDT. 153 Comments

X.ORG

Last year the X.Org Server disabled byte-swapped clients by default over being a large and known attack surface within the X.Org/XWayland codebase. That's proven itself to further be the case with 3 of 4 new CVEs made public today being around the byte-swapped code.

The byte-swapped client support is around X.Org/XWayland clients of different CPU endianess to be able to connect to the X.Org Server. Different CPU endianess isn't to common these days and the byte-swapped client support was safely disabled last year without much fuss. Three CVEs made public today involve heap buffer over-read/data leakage within ProcXIGetSelectedEvents, ProcXIPassiveGrabDevice, ProcAppleDRICreatePixmap and due to the byte-swapped handling.

A former X.Org logo attempt posted in the forums.

The fourth issue raised today is a user-after-free within ProcRenderAddGlyphs.

XWayland 23.2.5 and X.Org Server 21.1.12 are published today for fixing these latest four security issues. Details within today's security advisory.

153 Comments

Related News

xcompmgr 1.1.10 Released For Classic "Eye Candy" Compositor On X.Org

Local Privilege Escalation Vulnerability Affecting X.Org Server For 18 Years

It's Taken Until 2024 To Add FreeBSD To X.Org Continuous Integration Testing

libX11 1.8.10 Brings Memory Safety Fixes

X.Org Testing Ground Expands Its Scope To Illumos/OpenIndiana

X.Org Server Patches Look To Cleanup VRR Handling, Make It Xinerama-Aware

About The Author

Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week

OpenWrt Affected By Security Issue That Could Have Led To Compromised Build Artifacts

Linus Torvalds Comes Out Against "Completely Broken" x86_64 Feature Levels

Linux EFI Zboot Abandoning "Compression Library Museum", Focusing On Gzip & Zstd

COSMIC Alpha 4 Released For System76's Rust-Based Desktop

Rustls Multi-Threaded Performance Is Battering OpenSSL

Ptyxis Becomes Ubuntu's Recommended Replacement To GNOME Terminal

Fedora 42 Aims To Enhance The Windows Subsystem For Linux Experience

KDE Starts December By Landing A Number Of New Features