[ANNOUNCE] X.Org Security Advisory: Protocol handling issues in X Window System client libraries
Alan Coopersmith
alan.coopersmith at oracle.com
Thu May 23 15:36:35 PDT 2013
On 05/23/13 08:05 AM, Alan Coopersmith wrote:
> X.Org Security Advisory: May 23, 2013
> Protocol handling issues in X Window System client libraries
> ============================================================
>
> Description:
> ============
>
> Ilja van Sprundel, a security researcher with IOActive, has discovered
> a large number of issues in the way various X client libraries handle
> the responses they receive from servers, and has worked with X.Org's
> security team to analyze, confirm, and fix these issues.
BTW, I see that Ilja also mentioned these (without giving full details
on the holes) in his recent CanSecWest talk, which is an interesting
read:
http://cansecwest.com/slides/2013/Assessing%20the%20Linux%20Desktop%20Security%20-%20Ilja%20van%20Sprundel.ppt
I still agree with most of my quotes that got captured there, including the one
blaming daniels for not saving us from all manner of XKB woes. (I know, XKB2
would fix it all, if only the laptop was returned by the thief we all curse.)
--
-Alan Coopersmith- alan.coopersmith at oracle.com
Oracle Solaris Engineering - http://blogs.oracle.com/alanc
More information about the xorg-devel
mailing list