241

Made public today was CVE-2023-43785 as an out-of-bounds memory access within the libX11 code that has been around since 1996. A second libX11 flaw is stack exhaustion from infinite recursion within the PutSubImage() function of libX11... This vulnerability has been around since X11R2 in February of 1988.

Due to these issues coming to light, libX11 1.8.7 and libXpm 3.5.17 were released today with the necessary security fixes. More details on these latest X.Org security vulnerabilities via today's X.Org security advisory.

top 21 comments
sorted by: hot top controversial new old
[-] eksb@programming.dev 110 points 1 year ago

--my-next-video-card-wont-be-nvidia

[-] dinckelman@lemmy.world 30 points 1 year ago

Even if you have an nvidia card, it's... fine now? With a 1080Ti, and Plasma, I haven't really had any issues on the Wayland session, that aren't straight up KDE bugs

[-] woelkchen@lemmy.world 25 points 1 year ago

Even if you have an nvidia card, it’s… fine now?

Until the next NVidia-specific workaround is required.

[-] dinckelman@lemmy.world 4 points 1 year ago

I mean, fingers crossed we don't, but so far this has also not been an issue for a year or two, in my case. Cruising happily

[-] priapus@sh.itjust.works 8 points 1 year ago

Still no VRR support which is likely a dealbreaker for many.

[-] dinckelman@lemmy.world 4 points 1 year ago

Like I've said, it's not flawless. There are things missing, but in the larger scheme of things, it is both usable and stable. In my daily usage, I have not encountered any dealbreakers

[-] supremeloser@lemmy.sdf.org 3 points 1 year ago
[-] priapus@sh.itjust.works 5 points 1 year ago* (last edited 1 year ago)

With AMD you can. GSync isn't supported on Wayland.

[-] ChaosAD@lemmy.world 5 points 1 year ago

Series 10 is safe to use in wayland?

[-] skullgiver@popplesburger.hilciferous.nl 2 points 1 year ago* (last edited 11 months ago)

[This comment has been deleted by an automated system]

[-] ChaosAD@lemmy.world 1 points 1 year ago

Cool, thanks!

[-] ProtonBadger@kbin.social 3 points 1 year ago* (last edited 1 year ago)

Same, am happily using an NVidia 3060 laptop with Wayland+Plasma. Playing BG3 and Guildwars2 on Proton+Xwayland. Got a Plasma panel freezing bug (that's applicable to non-Intel GPU's) that fortunately had a workaround so I'm fine.

So for some use cases at least it's OK. They seem to be working more on Wayland now: In the next driver they're fixing a number of things bothering some people like v-sync and Vulkan on Prime. They also have a ticket in progress for nightlight (GAMMA_LUT support) but not sure what version it's headed for.

[-] independantiste@sh.itjust.works 4 points 1 year ago

They work fine on wayland when they are not being used as a primary GPU. My optimus laptop (680M + RTX3050) works perfect on Wayland because 99% to 100% of the time it actually uses the AMD GPU for the desktop things. It only uses the discrete Nvidia GPU when I tell it to for games and the like. My desktop that is nvidia-only though is another story, last time I tried I got significant cursor glitches after waking from sleep, the night light doesn't work due to the lack of GAMMA_LUT like you mentionned. There were also all sorts of glitches with Blur my shell iirc

[-] ProtonBadger@kbin.social 1 points 1 year ago* (last edited 1 year ago)

I have the laptop set to NVidia Dedicated mode, the integrated GPU is dormant at all times (verified with nvtop), so I don't have any experiences with Optimus. I don't use suspend, I turn it on in the morning, off in the evening.

[-] sky@codesink.io 1 points 1 year ago

Oh thank god, this is the first I've heard of them working on GAMMA_LUT support. I've been dying without night light.

[-] ProtonBadger@kbin.social 1 points 1 year ago* (last edited 1 year ago)

Well, they haven't committed to a release number and I don't know what priority the ticket has, however if you use KDE there will be a workaround for night light without GAMMA_LUT for Plasma 6.

[-] abclop99@beehaw.org 6 points 1 year ago

--unsupported-gpu

[-] autotldr@lemmings.world 34 points 1 year ago

This is the best summary I could come up with:


It was a decade ago that a security researcher commented on X.Org Server security being even "worse than it looks" and that the GLX code for example was "80,000 lines of sheer terror" and hundreds of bugs being uncovered throughout the codebase.

In 2023 new X.Org security vulnerabilities continue to be uncovered, two of which were made public today and date back to X11R2 code from the year 1988.

Made public today was CVE-2023-43785 as an out-of-bounds memory access within the libX11 code that has been around since 1996.

A second libX11 flaw is stack exhaustion from infinite recursion within the PutSubImage() function of libX11...

Two libXpm vulnerabilities were also disclosed today related to out-of-bounds reads and both of those date back to 1998.

Due to these issues coming to light, libX11 1.8.7 and libXpm 3.5.17 were released today with the necessary security fixes.


The original article contains 196 words, the summary contains 144 words. Saved 27%. I'm a bot and I'm open source!

[-] pnutzh4x0r@lemmy.ndlug.org 27 points 1 year ago

FYI, Ubuntu/Pop!_OS have already pushed out updates.

[-] drwho@beehaw.org 14 points 1 year ago
[-] Cwilliams@beehaw.org 5 points 1 year ago

All the more reason to switch to Wayland

this post was submitted on 03 Oct 2023
241 points (99.6% liked)

Linux

48214 readers
735 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 5 years ago
MODERATORS