Slashdot Mirror


Just-Announced X.Org Security Flaws Affect Code Dating Back To 1987

An anonymous reader writes: Some of the worst X.Org security issues were just publicized in an X.Org security advisory. The vulnerabilities deal with protocol handling issues and led to 12 CVEs being published, and code dating back to 1987 is affected within X11. Fixes for the X Server are temporarily available via this Git repository.

4 of 172 comments

  1. Re:Wha?!?!!! by ruir · · Score: 1, Informative

    LOL. Windows not reusing code? I guess you believe in Santa Claus and the fairy tooth too.

  2. Re:Wha?!?!!! by king+neckbeard · · Score: 4, Informative

    They apparently use code that's two decades old, as this bug was only recently fixed.

    --
    This is my signature. There are many like it, but this one is mine.
  3. News at 11!!! by sl3xd · · Score: 4, Informative

    Anybody who's really looked at security around X11 has known for decades that it isn't that great.

    I even remember that as recently as a year ago, ATI's drivers specifically told you to use "xhost +" to enable GPU compute jobs using ATI devices, which resulted in a lot of "LOL NOPE" in the HPC industry. (It's trivial to root a machine that has had "xhost +" executed inside an X11 session.)

    X11 having critical security holes should surprise no one. There's a reason internet-facing servers don't have X11, and it's not just because you don't need a GUI sucking up resources.

    On the other hand, I'm thoroughly grateful that somebody decided to do something about it.

    --
    -- Sometimes you have to turn the lights off in order to see.
  4. Re:Wha?!?!!! by phantomfive · · Score: 4, Informative

    Why would a 16-bit value be called a "half-word"? It's always been a word and 32-bit has always been a double word. You're the one asking to use a new code with your half-word.

    I think you're drunk or something, you keep on saying stuff that could be easily figured out if you looked it up on Wikipedia.

    A 'word' is the natural unit of data on the CPU architecture (not the maximum). Thus on a 16-bit computer a WORD is 16 bits, but on a 32-bit computer it's 32 bits.

    Even a byte was not necessarily 8 bits before OS/360; it was commonly found as 7 bits, or even four bits.

    --
    "First they came for the slanderers and i said nothing."