Articles & Reviews
News Archive
Forums
Premium
Contact
Categories

Computers Display Drivers Graphics Cards Linux Gaming Memory Motherboards Processors Software Storage Operating Systems Peripherals

Two More X.Org Server Security Advisories Issued - Possible Privilege Escalation

Written by Michael Larabel in X.Org on 1 December 2020 at 10:57 AM EST. 29 Comments

X.ORG

Trend Micro's Zero Day Initiative has uncovered two more security issues with the aging X.Org Server that as we roll into 2021 is still powering most of the Linux desktops.

The security researchers found multiple input validation failures with the X.Org Server's XKB keyboard extension. Insufficient checks on different checks could lead to out-of-bounds memory accesses or buffer overflows.

Details on the two CVEs can be found via xorg-announce.

The fixes have landed in X.Org Server Git while an X.Org Server 1.20.10 point release is expected in the near future. There's still no word or planning around any X.Org Server 1.21 feature release.

Given the age of the massive codebase, security vulnerabilities continue to be uncovered in this still widely used component to the Linux desktop stack. For years already security researchers have characterized the X.Org security as even worse than it looks and seemingly no shortage of issues still persisting.

29 Comments

Related News

X.Org Server Change Allows GLAMOR To Fallback To Software Rendering For Obsolete GPUs

Explicit GPU Synchronization Merged For XWayland

X.Org Server & XWayland Hit By Four More Security Issues

The X.Org Foundation Needs More Candidates To Hold An Election

X.Org Server Clears Out Remnants For Supporting Old Compilers

X.Org Server & XWayland Updated Due To Another Six Security Vulnerabilities

About The Author

Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week

Linus Torvalds Injects Tabs To Thwart Kconfig Parsers Not Correctly Handling Them

Linux 6.10 To Merge NTSYNC Driver For Emulating Windows NT Synchronization Primitives

Fedora 41 Looks To "-O3" Optimizations For Its Python Build

Former Nouveau Lead Developer Joins NVIDIA, Continues Working On Open-Source Driver

APT 2.9 Released: Debian's APT 3.0 To Have A New UI With Colors, Columnar Display & More

KDE's KWin Merges Wayland Explicit Sync Support

Gentoo Linux Now An SPI Project

Open-Source Radeon Driver Enables Support For Vulkan Video H.264/H.265 Encode