Here's another reminder that checking regularly for updates is always a good thing, because there's new releases available for both the X.Org X and Xwayland due to multiple reported security issues.
First up, here's the actual listed issues reported and fixed:
- CVE-2023-6816 can be triggered by passing an invalid array index to DeviceFocusEvent or ProcXIQueryPointer.
- CVE-2024-0229 can be triggered if a device has both a button and a key class and zero buttons.
- CVE-2024-21885 can be triggered if a device with a given ID was removed and a new device with the same ID added both in the same operation.
- CVE-2024-21886 can be triggered by disabling a master device with disabled slave devices.
- CVE-2024-0409 can be triggered by enabling SELinux xserver_object_manager and running a client.
- CVE-2024-0408 can be triggered by enabling SELinux xserver_object_manager and creating a GLX PBuffer.
This security advisory went public on the X.Org mailing list this morning.
The issues are present in X.Org X server prior to 21.1.11 and Xwayland prior to 23.2.4, both of which were just announced and released. The xorg-server 21.1.11 release additionally "also contains a fix for XRandR to allow for multiple virtual monitors on a physical display" plus xwayland 23.2.4 additionally "also contains several other fixes for glamor, libEI support, and FreeBSD".
Article taken from GamingOnLinux.com.
Some you may have missed, popular articles from the last month:
slaapliedje Jan 16
This should be posted on X and break everyone's brain. :P
10 Likes, Who?
eridanired123 Jan 16
Quoting: slaapliedjeThis should be posted on X and break everyone's brain. :P
It took me a minute to realize how posting anything to a window system made any sense.
7 Likes, Who?
Quoting: eridanired123Same. In fact it only clicked after reading your comment. What a messQuoting: slaapliedjeThis should be posted on X and break everyone's brain. :P
It took me a minute to realize how posting anything to a window system made any sense.
4 Likes, Who?
slaapliedje Jan 16
Quoting: eridanired123Haha, indeed. I'm betting Elon would have taken over X.org if he could.Quoting: slaapliedjeThis should be posted on X and break everyone's brain. :P
It took me a minute to realize how posting anything to a window system made any sense.
3 Likes, Who?
Quoting: bekoOhhh, now I get it! He meant "the social media platform formerly known as Twitter"!Quoting: eridanired123Same. In fact it only clicked after reading your comment. What a messQuoting: slaapliedjeThis should be posted on X and break everyone's brain. :P
It took me a minute to realize how posting anything to a window system made any sense.
4 Likes, Who?
Quoting: PenglingX posting about X on X, which people are viewing with X? ARGH!
This frustration is making me click the x button on the top-right of this window...
6 Likes, Who?
StoneColdSpider Jan 17
Quoting: chrIts making me press the X button on my Xbox controller while on my Xbox viewing this in Xplorer....... Shit is insane......Quoting: PenglingX posting about X on X, which people are viewing with X? ARGH!
This frustration is making me click the x button on the top-right of this window...
2 Likes, Who?
fenglengshun Jan 17
Quoting: slaapliedjeHaha, indeed. I'm betting Elon would have taken over X.org if he could.Elon would be a Wayland hater if he's a Linux user lol
0 Likes
Patreon
PayPal
See more from me