Articles & Reviews
News Archive
Forums
Premium
Contact
Categories

Computers Display Drivers Graphics Cards Linux Gaming Memory Motherboards Processors Software Storage Operating Systems Peripherals

X.Org Server 1.20.11 Released Due To New Security Advisory

Written by Michael Larabel in X.Org on 13 April 2021 at 11:02 AM EDT. 35 Comments

X.ORG

Trend Micro's Zero Day Initiative has uncovered another security issue with the X.Org Server.

Trend Micro security researchers found that shortcomings in the X.Org Server's X Input extension input validation could ultimately lead to privilege escalation for authorized clients.

CVE-2021-3472 involves insufficient checks on the lengths of an X Input request could lead to out-of-bounds memory accesses in the X.Org Server. If the X.Org Server is running with privileged rights, this could lead to privilege escalation for authorized X11 clients.

This patch fixes the XChangeFeedbackControl() request underflow.

Going along with today's security advisory is X.Org Server 1.20.11 that has this fix plus other accumulated patches.

X.Org Server 1.20.11 is predominantly made up of many back-ported XQuartz fixes, Meson build fix with KMS depending on DRI2, and other fixes. See the change-log but overall not too exciting outside of this security fix and many XQuartz back-ports.

There still is no sign of X.Org Server 1.21 as the next feature release and meanwhile the XWayland standalone work continues. Speaking of which, XWayland 21.1.1 was also issued today with this X Input security fix.

35 Comments

Related News

X.Org Server Change Allows GLAMOR To Fallback To Software Rendering For Obsolete GPUs

Explicit GPU Synchronization Merged For XWayland

X.Org Server & XWayland Hit By Four More Security Issues

The X.Org Foundation Needs More Candidates To Hold An Election

X.Org Server Clears Out Remnants For Supporting Old Compilers

X.Org Server & XWayland Updated Due To Another Six Security Vulnerabilities

About The Author

Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week

Linus Torvalds Injects Tabs To Thwart Kconfig Parsers Not Correctly Handling Them

Linux 6.10 To Merge NTSYNC Driver For Emulating Windows NT Synchronization Primitives

Ubuntu Maker Canonical Announces New Collaboration With Qualcomm

Fedora 41 Looks To "-O3" Optimizations For Its Python Build

APT 2.9 Released: Debian's APT 3.0 To Have A New UI With Colors, Columnar Display & More

KDE's KWin Merges Wayland Explicit Sync Support

Gentoo Linux Now An SPI Project

Former Nouveau Lead Developer Joins NVIDIA, Continues Working On Open-Source Driver