this post was submitted on 03 Oct 2023
242 points (99.6% liked)

Linux

48664 readers
504 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 5 years ago
MODERATORS
 

Made public today was CVE-2023-43785 as an out-of-bounds memory access within the libX11 code that has been around since 1996. A second libX11 flaw is stack exhaustion from infinite recursion within the PutSubImage() function of libX11... This vulnerability has been around since X11R2 in February of 1988.

Due to these issues coming to light, libX11 1.8.7 and libXpm 3.5.17 were released today with the necessary security fixes. More details on these latest X.Org security vulnerabilities via today's X.Org security advisory.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 34 points 1 year ago

This is the best summary I could come up with:


It was a decade ago that a security researcher commented on X.Org Server security being even "worse than it looks" and that the GLX code for example was "80,000 lines of sheer terror" and hundreds of bugs being uncovered throughout the codebase.

In 2023 new X.Org security vulnerabilities continue to be uncovered, two of which were made public today and date back to X11R2 code from the year 1988.

Made public today was CVE-2023-43785 as an out-of-bounds memory access within the libX11 code that has been around since 1996.

A second libX11 flaw is stack exhaustion from infinite recursion within the PutSubImage() function of libX11...

Two libXpm vulnerabilities were also disclosed today related to out-of-bounds reads and both of those date back to 1998.

Due to these issues coming to light, libX11 1.8.7 and libXpm 3.5.17 were released today with the necessary security fixes.


The original article contains 196 words, the summary contains 144 words. Saved 27%. I'm a bot and I'm open source!