tech-x11 archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

X.Org Security Advisory: May 23, 2013, just seen at

        I was just looking around at for i18n keyboard
        programming instructions/documentation and I saw this Security

X.Org Security Advisory: May 23, 2013

Protocol handling issues in X Window System client libraries


Ilja van Sprundel, a security researcher with IOActive, has discovered a
large number of issues in the way various X client libraries handle the
responses they receive from servers, and has worked with X.Org's
security team to analyze, confirm, and fix these issues.

Most of these issues stem from the client libraries trusting the server
to send correct protocol data, and not verifying that the values will
not overflow or cause other damage.

(here cut short by me)
        (Resuming my note:) I just built NetBSD 6.1 from the cvs -r
        6-1-RELEASE sources last Friday, May 17th (May 16th src, xsrc),
        and I checked the cvsweb versions for say the libX11 advisory of
        this, and NetBSD's is all a couple years old on average for the
        file dates.  (So, their v7.7 with libX11 of (1.6 RC1)
        or earlier advisory which is their first version number.  It
        appears that our version is still by date and specific library
        between v7.3 something and 7.6 something from when I had
        swi-prolog libXt problems. )  I just wanted to pass this along
        to the people keeping the xsrc tree up to date and working the
        best for NetBSD with the right versions, who know this stuff
        well etc.  Thanks.

        John R. Towler

Home | Main Index | Thread Index | Old Index