|
|
Subscribe / Log in / New account

A security release for xorg-server

[Posted December 14, 2022 by corbet]

X.org users running in potentially hostile environments will want to look into the xorg-server 21.1.5 release, which fixes several potentially serious security vulnerabilities. "All theses issues can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions".
to post comments

A security release for xorg-server

Posted Dec 14, 2022 15:30 UTC (Wed) by NightMonkey (subscriber, #23051) [Link]

"Additional, the swapped event is written into a stack-allocated struct
xEvent (size 32 bytes). For any GenericEvent longer than 32 bytes,
swapping the event may thus smash the stack like an avocado on toast."

This set of release notes has a nice Easter egg. :)


Copyright © 2022, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds