Announcement

**Kano** · 09 December 2014, 02:14 PM

Nvidia updated ALL currently drivers it seems, would be interesting to see a statement from AMD... I hope some Debian devs update the Nvidia drivers, i toyed around with fglrx 14.12 for some hs already.

**gens** · 09 December 2014, 03:05 PM

from a year ago

- YouTube

https://www.youtube.com/watch?v=2l7ixRE3OCw

Enjoy the videos and music you love, upload original content, and share it all with friends, family, and the world on YouTube.

**dungeon** · 09 December 2014, 03:31 PM

Originally posted by Kano View Post

Nvidia updated ALL currently drivers it seems, would be interesting to see a statement from AMD...

Why do you think AMD Catalyst is affected just like nvidia? It is probably affected just like other opensource drivers without patched and not configured for security xorg, so distro xorg update should fix most of those nasties isn't it

. Well unlike nvidia blobs who probably have more needs to give this statements because it supports xserver not just in Linux, but on other platforms like BSD & Solaris

**bakgwailo** · 09 December 2014, 03:42 PM

Originally posted by dungeon View Post

Why do you think AMD Catalyst is affected just like nvidia? It is probably affected just like other opensource drivers without patched and not configured for security xorg, so distro xorg update should fix most of those nasties isn't it

. Well unlike nvidia blobs who probably have more needs to give this statements because it supports xserver not just in Linux, but on other platforms like BSD & Solaris

Because AMD puts out a proprietary blob, too, which is needed if one wants performance for gaming on newer hardware?

**yoshi314** · 09 December 2014, 03:46 PM

These issues have been known privately for some time to the developers while today the advisories are going out publicly.

if that was the case, they would have been long since fixed. how long were the developers aware ?

**dungeon** · 09 December 2014, 04:03 PM

Originally posted by bakgwailo View Post

Because AMD puts out a proprietary blob

And that 'blob' means what? If nvidia blob is afffected, that does not automatically mean all other blob drivers from any different companies are affected, they may have implement (or might have it broken in a good way

) indirect glx in a way it is not so vulnerable

Some vendors who provide blob drivers may not have indirect glx implmented at all so they are not affected here

**GreatEmerald** · 09 December 2014, 04:38 PM

Originally posted by yoshi314 View Post

if that was the case, they would have been long since fixed. how long were the developers aware ?

According to that NVIDIA statement:

NVIDIA was informed of this issue by public advisement from X.Org participants on Oct 9, 2014

**kaprikawn** · 09 December 2014, 04:48 PM

I suppose the Linux desktop marketshare is good for one thing, security through obscurity. While Xorg is a security disaster, I still have no qualms about running my Linux desktop with no anti-virus.

Still, Wayland can't come fast enough.

**dungeon** · 09 December 2014, 05:12 PM

Originally posted by yoshi314 View Post

if that was the case, they would have been long since fixed. how long were the developers aware ?

For example on 16. september indirect glx is disabled in Debian, so if you use that and opensource drivers you are pretty much unaffected

Even monts ago developers are aware you can do easy crash X, just starts some steam or other game which provide their own nasty (un)compatibility libraries

And even many years ago some developers are awared when they make direct unanccelerated default in drivers

Even when someone implemnts something 28. years ago and issue only triggers something today, but at those days it was a feature probably unused

Announcement

X.Org Hit Hard By A Large Batch Of Security Vulnerabilities

X.Org Hit Hard By A Large Batch Of Security Vulnerabilities

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment