[ANNOUNCE] X.Org Security Advisory: Protocol handling issues in X Window System client libraries

Alan Coopersmith alan.coopersmith at oracle.com
Thu May 23 15:36:35 PDT 2013


On 05/23/13 08:05 AM, Alan Coopersmith wrote:
> X.Org Security Advisory:  May 23, 2013
> Protocol handling issues in X Window System client libraries
> ============================================================
>
> Description:
> ============
>
> Ilja van Sprundel, a security researcher with IOActive, has discovered
> a large number of issues in the way various X client libraries handle
> the responses they receive from servers, and has worked with X.Org's
> security team to analyze, confirm, and fix these issues.

BTW, I see that Ilja also mentioned these (without giving full details
on the holes) in his recent CanSecWest talk, which is an interesting
read:

http://cansecwest.com/slides/2013/Assessing%20the%20Linux%20Desktop%20Security%20-%20Ilja%20van%20Sprundel.ppt

I still agree with most of my quotes that got captured there, including the one
blaming daniels for not saving us from all manner of XKB woes. (I know, XKB2
would fix it all, if only the laptop was returned by the thief we all curse.)

-- 
	-Alan Coopersmith-              alan.coopersmith at oracle.com
	 Oracle Solaris Engineering - http://blogs.oracle.com/alanc

