Slashdot Mirror


Just-Announced X.Org Security Flaws Affect Code Dating Back To 1987

An anonymous reader writes: Some of the worst X.Org security issues were just publicized in an X.Org security advisory. The vulnerabilities deal with protocol handling issues and led to 12 CVEs being published, and code dating back to 1987 is affected within X11. Fixes for the X Server are temporarily available via this Git repository.

5 of 172 comments

  1. In before the trolls by Anonymous Coward · · Score: 5, Insightful

    Open Source does not guarantee that all of the bugs will be found, it merely guarantees that all of the bugs can be found.

  2. Re:Wha?!?!!! by phantomfive · · Score: 4, Insightful

    It's open source! Surely dedicated multitudes of programmers have been dutifully poring over the code for decades, searching high and low for potential flaws because ... well, just because it's there! Surely!

    To be blunt, that's exactly why this was found. If it were closed source, the bugs would still be in there.

    --
    "First they came for the slanderers and i said nothing."
  3. Re:so much for open source bug discovery being bet by jellomizer · · Score: 3, Insightful

    Zealots are deniers.
    The problem is there are enough vocal Zealots to proclaim that how a product is licensed somehow makes it superior/inferior to another.
    But in general the more confident you are in your product's superiority, the more problems you ignore or don't bother looking for.

    --
    If something is so important that you feel the need to post it on the internet... It probably isn't that important.
  4. Re:Wha?!?!!! by Rei · · Score: 4, Insightful

    All million lines of it ;)

    Seriously, I'd really love to go in myself and fix the bug that's currently preventing me from using GLX, but I wouldn't even know where to begin. I think Xorg is seriously understaffed in terms of volunteers compared to the scale of the project - it looks like most bug reports don't get responses for months or years, if ever.

    --
    "We consider that six courts and an asylum claim are a rather odd way of returning to Sweden within a month."
  5. Re:Wha?!?!!! by phantomfive · · Score: 4, Insightful

    If it were closed source, the bug probably wouldn't exist anymore because closed source probably doesn't keep using code that's two-and-a-half decades old. As examples, OS X has nothing from Mac OS classic and Windows 95 is long gone from modern Windows versions. Or at least I would hope so.

    There are 300 billion lines of COBOL still in production. And every time you transfer money through banks, your money passes through it. OSX has code from the 90s in it, and Windows has code from the 80s.

    Pretty near every bad software practice that you find in open source software is also found in closed source software.

    --
    "First they came for the slanderers and i said nothing."