XOrg and XWayland vulnerabilities

Topic: XOrg and XWayland vulnerabilities (Read 625 times) previous topic - next topic

0 Members and 1 Guest are viewing this topic.

XOrg and XWayland vulnerabilities

17 June 2025, 22:41:22

Hello,

Today XOrg Server 21.1.17 and XWayland 24.1.7 have been released to address some vulnerabilities

Official advisory: https://lists.x.org/archives/xorg-announce/2025-June/003608.html

Would it take long to have the new versions built and released on the official channels ?

Thank you in advance !

Best regards;,
SoftExpert

Re: XOrg and XWayland vulnerabilities

Reply #1 – 17 June 2025, 23:08:01

Reading the list, it seems items barely deserve to be called CVE? Of course update is welcome but unless I missed something it is not very scary.

Re: XOrg and XWayland vulnerabilities

Reply #2 – 18 June 2025, 01:11:03

Both pkg's are available for testing.

artist

Re: XOrg and XWayland vulnerabilities

Reply #3 – 18 June 2025, 05:39:04

Quote

unless I missed something it is not very scary

You missed some study of the classics:
https://phrack.org/issues/49/14
If you can generate a buffer overflow and can affect the bytes that make that up and can calculate the way the existing bytes are placed in the memory you can potentially then break out of the normal operation of the program and make it do anything you want.