X.Org developers reported identifying 30 vulnerabilities affecting various X11 client libraries, as well as the DRI-Mesa components.

The problems stem from a lack of proper validation of the data sets transferred over the X11 protocol, and they manifest as accesses beyond buffer boundaries and integer overflows when requests are processed.

Many of the vulnerabilities allow code execution on the X client side when the client interacts with a server controlled by the attacker. Because in most cases the client and the server run on the same machine under the same user, or the server runs with higher privileges, the identified vulnerabilities do not pose much danger. However, they may threaten configurations in which a privileged client connects to an unprivileged third-party server (for example, a setuid X client connecting to a virtual X server such as Xvfb or Xephyr).
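The bug class described above, a client sizing a buffer from a count the server supplied, is shown here as an added example; it is not X.Org code. The reply layout, `REC_SIZE` and all function names are assumptions made for illustration, and the sample bytes are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed reply layout (an assumption, not an X11 wire format):
 *   bytes 0..3 : nitems, little-endian, chosen by the server
 *   bytes 4..  : nitems records of REC_SIZE bytes each */
#define REC_SIZE 8u

static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Unvalidated size computation: in 32-bit arithmetic the product wraps,
 * so a huge count yields a tiny allocation that a later copy overruns. */
uint32_t unchecked_alloc_size(uint32_t nitems) {
    return nitems * REC_SIZE;
}

/* Hardened copy: returns a heap copy of the records, or NULL when the
 * server-supplied count does not match the bytes actually received. */
uint8_t *copy_records_checked(const uint8_t *reply, size_t reply_len,
                              uint32_t *nitems_out) {
    if (reply == NULL || nitems_out == NULL || reply_len < 4)
        return NULL;
    uint32_t nitems = rd32(reply);
    size_t avail = reply_len - 4;
    /* Divide instead of multiplying, so the check itself cannot overflow. */
    if (nitems > avail / REC_SIZE)
        return NULL;
    size_t need = (size_t)nitems * REC_SIZE;   /* need <= avail here */
    uint8_t *out = malloc(need ? need : 1);
    if (out == NULL)
        return NULL;
    memcpy(out, reply + 4, need);
    *nitems_out = nitems;
    return out;
}

int main(void) {
    /* Constructed hostile reply: count 0x20000001, only 8 payload bytes. */
    uint8_t bad[12] = {0x01, 0x00, 0x00, 0x20};
    uint32_t n = 0;
    printf("unchecked size: %u bytes\n", unchecked_alloc_size(rd32(bad)));
    printf("checked parse: %s\n",
           copy_records_checked(bad, sizeof bad, &n) ? "accepted" : "rejected");
    return 0;
}
```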
