There is a vulnerability in the X.Org
; it is a buffer overflow which can enable local root access by
way of an X client. If you allow access to your X server from the net as a
whole, this could be a remote root vulnerability - but, presumably, nobody
has done that for years. As of this writing, updates are available from
Gentoo, Mandriva, and SUSE; see the LWN vulnerability entry
the current list.
Note that this is not the vulnerability so loudly proclaimed recently by
Coverity. That is an older bug which LWN readers knew about last March.
to post comments)