X.Org & XWayland Hit By Four Security Issues (lists.x.org)
from MazonnaCara89@lemmy.ml to linux@lemmy.ml on 04 Apr 2024 06:43
https://lemmy.ml/post/14040113

#linux

threaded - newest

z3rOR0ne@lemmy.ml on 04 Apr 2024 08:05 collapse

So if I’m reading this correctly, three of them have already been patched and the other has also been patched, but has an optional config flag you must enable to enable the patch and fix the security vulnerability?

metiulekm@sh.itjust.works on 04 Apr 2024 09:17 collapse

My understanding is that all issues are patched in the mentioned releases, the config flag is not needed for that.

The config flag has been added because supporting clients with different endianness is undertested and most people will never use it. So if it is going to generate vulnerabilities, it makes sense to be able to disable it easily, and to disable it by default on next major release. Indeed XWayland had it disabled by default already, so only the fourth issue (ProcRenderAddGlyphs) is relevant there if that default is not changed.

z3rOR0ne@lemmy.ml on 04 Apr 2024 14:16 collapse

Thank you for the clarification.