May 24, 2013
Big X.Org Security Advisory

A big X.Org Security Advisory yesterday:

Ilja van Sprundel, a security researcher with IOActive, has discovered a large number of issues in the way various X client libraries handle the responses they receive from servers, and has worked with X.Org’s security team to analyze, confirm, and fix these issues.

Fixes are underway already, and it sounds like (to someone not hugely versed in deep x.org code) the issues aren’t going to affect the normal linux user running behind a firewall, but if you run unchecked code from untrusted sources locally (or allow other users to connect to the X.org port remotely), be careful. Keep up to date with updates and make sure your system is patched over the next week or two.





Posted by Arcterex at May 24, 2013 02:28 PM