On 05/23/13 08:05 AM, Alan Coopersmith wrote:
X.Org Security Advisory: May 23, 2013
Protocol handling issues in X Window System client libraries
============================================================
Description:
============
Ilja van Sprundel, a security researcher with IOActive, has discovered
a large number of issues in the way various X client libraries handle
the responses they receive from servers, and has worked with X.Org's
security team to analyze, confirm, and fix these issues.
BTW, I see that Ilja also mentioned these (without giving full details
on the holes) in his recent CanSecWest talk, which is an interesting
read:
http://cansecwest.com/slides/2013/Assessing%20the%20Linux%20Desktop%20Security%20-%20Ilja%20van%20Sprundel.ppt
I still agree with most of my quotes that got captured there, including the one
blaming daniels for not saving us from all manner of XKB woes. (I know, XKB2
would fix it all, if only the laptop was returned by the thief we all curse.)
--
-Alan Coopersmith- alan.coopersm...@oracle.com
Oracle Solaris Engineering - http://blogs.oracle.com/alanc
_______________________________________________
xorg@lists.x.org: X.Org support
Archives: http://lists.freedesktop.org/archives/xorg
Info: http://lists.x.org/mailman/listinfo/xorg
Your subscription address: arch...@mail-archive.com
