X.Org Server & XWayland Updated Due To New Round Of Security Vulnerabilities

Written by Michael Larabel in X.Org on 14 December 2022 at 05:07 AM EST. 92 Comments
X.ORG
The X.Org Server and XWayland have new releases out ahead of the holidays, but it's not for Christmas feature releases and instead for fixing a number of new security issues.

It's been well exhibited over the past decade about the security issues with the aging X.Org/X11 codebase and new security vulnerabilities routinely coming to light. The X.Org Server keeps getting hit hard by new security issues as researchers poke at the aging codebase. XWayland that relies on core X.Org Server parts too is also routinely in the crossfire.


X.Org Server 21.1.5 was released overnight for a new batch of security vulnerabilities: CVE-2022-46340, CVE-2022-46341, CVE-2022-46342, CVE-2022-46343, CVE-2022-46344, and CVE-2022-4283.

Similarly, XWayland 22.1.6 is out for mitigating much of the same security issues: CVE-2022-46340, CVE-2022-46341, CVE-2022-46342, CVE-2022-46343, CVE-2022-46344, and CVE-2022-4283.

These CVEs pertain to security issues in X.Org Server extensions and are around stack overflows, use-after-free, out-of-bounds accesses, and similar problems. These CVEs can lead to local privilege escalation on systems where the X.Org Server is running privileged or remote code execution for SSH X11 forwarding sessions.

Details on these latest X.Org Server security vulnerabilities can be found via the security advisory.
92 Comments
Related News
xcompmgr 1.1.10 Released For Classic "Eye Candy" Compositor On X.Org
Local Privilege Escalation Vulnerability Affecting X.Org Server For 18 Years
It's Taken Until 2024 To Add FreeBSD To X.Org Continuous Integration Testing
libX11 1.8.10 Brings Memory Safety Fixes
X.Org Testing Ground Expands Its Scope To Illumos/OpenIndiana
X.Org Server Patches Look To Cleanup VRR Handling, Make It Xinerama-Aware
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week
OpenWrt Affected By Security Issue That Could Have Led To Compromised Build Artifacts
How AMD Is Taking Standard C/C++ Code To Run Directly On GPUs
Linux EFI Zboot Abandoning "Compression Library Museum", Focusing On Gzip & Zstd
Ptyxis Becomes Ubuntu's Recommended Replacement To GNOME Terminal
GNU Shepherd 1.0 Service Manager Released As "Solid Tool" Alternative To systemd
KDE Starts December By Landing A Number Of New Features
NTSYNC Linux Patches Revived To Help Boost Steam Play Gaming Performance
Rust-Based, Memory-Safe PNG Decoders "Vastly Outperform" C-Based PNG Libraries