X.Org Hit By New Security Vulnerabilities - Two Date Back To 1988 With X11R2

Written by Michael Larabel in X.Org on 3 October 2023 at 01:31 PM EDT. 90 Comments
X.ORG
It was a decade ago that a security researcher commented on X.Org Server security being even "worse than it looks" and that the GLX code for example was "80,000 lines of sheer terror" and hundreds of bugs being uncovered throughout the codebase. In 2023 new X.Org security vulnerabilities continue to be uncovered, two of which were made public today and date back to X11R2 code from the year 1988.

Made public today was CVE-2023-43785 as an out-of-bounds memory access within the libX11 code that has been around since 1996. A second libX11 flaw is stack exhaustion from infinite recursion within the PutSubImage() function of libX11... This vulnerability has been around since X11R2 in February of 1988.

Vulnerabilities since 1988...


A third libX11 vulnerability made public today is an integer overflow within XCreateImage() that leads to a heap overflow... That too has been around since X11R2 in 1988.

Two libXpm vulnerabilities were also disclosed today related to out-of-bounds reads and both of those date back to 1998.

Due to these issues coming to light, libX11 1.8.7 and libXpm 3.5.17 were released today with the necessary security fixes. More details on these latest X.Org security vulnerabilities via today's X.Org security advisory.
90 Comments
Related News
xconsole 1.1 Released - Preparing For Post-Y2038 Support, 18 Years After v1.0
X.Org Server Change Allows GLAMOR To Fallback To Software Rendering For Obsolete GPUs
Explicit GPU Synchronization Merged For XWayland
X.Org Server & XWayland Hit By Four More Security Issues
The X.Org Foundation Needs More Candidates To Hold An Election
X.Org Server Clears Out Remnants For Supporting Old Compilers
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week
Fedora Linux 40 Available For Download As A Wonderful Upgrade
AMD: "Additional Parts Of The Radeon Stack To Be Open Sourced Throughout The Year"
Systemd 256-rc1 Brings A Huge Number Of New Features
NVIDIA Developer Opens Feature Pull Request For Open-Source NVK Driver
Microsoft Open-Sources MS-DOS 4.0 Under MIT License
Ubuntu 24.04 LTS Downloads Now Available
GNU Portability Library's Tool Rewritten In Python For 8~100x Better Performance
QEMU 9.0 Released WIth True Multi-Queue Support For VirtIO Block Driver