Article 6AB4C X.org vulnerability and releases

by jake from LWN.net on (#6AB4C)
The X.Org project has announced a vulnerability in its X server and Xwayland (CVE-2023-1393).
This issue can lead to local privileges elevation on systems where the Xserver is running privileged and remote code execution for ssh X forwarding sessions.

[...] If a client explicitly destroys the compositor overlay window (aka COW), the Xserver would leave a dangling pointer to that window in the CompScreen structure, which will trigger a use-after-free later.

That has led to the release of xorg-server 21.1.8, xwayland 22.1.9, and xwayland 23.1.1.
