Security Advisories
This page details security issues that have been found in X.Org, and their remedies.
Please contact <xorg-security@lists.x.org> to report security issues in the X.Org codebase.
X.Org 7.6
- Jan 19, 2012 - vulnerability in default keyboard maps:
- CVE-2012-0064: It is possible to bypass a screen locking application when displayed on Xorg 1.11 or later by using the input grab killing keystrokes, which were enabled by default.
The fix was included in xkeyboard-config 2.5 to not enable those key mappings unless requested.
Please see http://who-t.blogspot.com/2012/01/xkb-breaking-grabs-cve-2012-0064.html for more information.
- CVE-2012-0064: It is possible to bypass a screen locking application when displayed on Xorg 1.11 or later by using the input grab killing keystrokes, which were enabled by default.
- Oct 18, 2011 - 2 vulnerabilities related to X server lock files:
- CVE-2011-4028: File disclosure vulnerability: It is possible to deduce if a file exists or not by exploiting the way that Xorg creates its lock files.
- CVE-2011-4029: File permission change vulnerability: It is possible for a non-root user to set the permissions for all users on any file or directory to 444, giving unwanted read access or causing denies of service (by removing execute permission). This is caused by a race between creating the lock file and setting its access modes.
Please see the advisory for more information.
Patches are available: CVE-2011-4028 CVE-2011-4029
Fixes are included in xserver 1.11.2RC2 and later.
- Aug 10, 2011 - CVE-2011-2895: A specially crafted LZW compressed font file may be used by a user who can connect to the X server to overflow a buffer in the X server, possibly leading to a local privilege escalation.
Please see the advisory for more information.
Patch is available: CVE-2011-2895
Fix is included in libXfont 1.4.4 and later.
- Apr 5, 2011 - CVE-2011-0465: By crafting hostnames with shell escape characters, arbitrary commands can be executed in a root environment when a display manager reads in the resource database via xrdb.
Please see the advisory for more information.
Patch is available: CVE-2011-0465
X.Org 7.3
- Jun 11, 2008 - CVE-2008-1377, CVE-2008-1379, CVE-2008-2360, CVE-2008-2361, CVE-2008-2362: Several vulnerabilities have been found in the server-side code of some extensions in the X Window System. Improper validation of client-provided data can cause data corruption.
Please see the advisory for more information. Patches are available:
CVE-2008-1377 CVE-2008-1379 CVE-2008-2360 CVE-2008-2361 CVE-2008-2362
- Jan 17, 2008 - CVE-2007-5760, CVE-2007-5958, CVE-2007-6427, CVE-2007-6428, CVE-2007-6429, CVE-2008-0006: Several vulnerabilities have been identified in server code of the X window system caused by lack of proper input validation on user controlled data in various parts of the software, causing various kinds of overflows.
Please see the advisory for more information.
Patches are available for X11R7.2 libXfont 1.2.7 and xserver 1.2 as well as for X11R7.3: libXfont 1.3.1 and xserver 1.4.
Update Jan 21, 2008 - The patch for the MIT-SHM vulnerability (CVE-2007-6429) introduced a regression for applications that allocate pixmaps with a less than 8 bits depth. New patches are available for xserver 1.2 and xserver 1.4.
MD5: 8e3f74c2cabddd3d629018924140e413 xorg-xserver-1.2-multiple-overflows-v2.diff
SHA1: 38ad95d97e83861c309276a27296787e6d0d1b54 xorg-xserver-1.2-multiple-overflows-v2.diffMD5: ded4bc31104aedada0155514a968b45f xorg-xserver-1.4-multiple-overflows-v2.diff
SHA1: af92fd389e72a3bb59d25dbf9cbb06e827b75d7d xorg-xserver-1.4-multiple-overflows-v2.diff- Oct 2, 2007 - CVE-2007-4568: Multiple vulnerabilities in the X font server can lead to head corruption or overflow from a client.
Please see the advisory for more information.
This is fixed in xfs 1.0.5. A Patch is available for xfs 1.0.4.
X.Org 7.2
- April 3, 2007 - CVE-2007-1003 CVE-2007-1351 CVE-2007-1352 CVE-2007-1352: Lack of validation of parameters passed to the X server and libX11 by client application can lead to various kinds of integer overflows or stack overflows that can be used to overwrite data in the X server memory.
Please see the advisory for more information.
Patches are available for 7.2.
X.Org 7.1
January 9, 2007 - CVE-2006-6101 CVE-2006-6102 CVE-2006-6103: The ProcDbeGetVisualInfo(), ProcDbeSwapBuffer() and ProcRenderAddGlyphs() functions in the X server, implementing requests for the dbe and render extensions, may be used to overwrite data on the stack or in other parts of the X server's memory.
Please see the advisory for more information. Patches are available for 6.8.2, 6.9.0, 7.0 and 7.1.
- September 12, 2006 - It may be possible for a user with the ability to set the X server font path, by making it point to a malicious font, to cause arbitrary code execution or denial of service on the X server.
Please see the advisory for more information. Patches are available for 6.8.2, 6.9.0, 7.0 and 7.1.
X.Org 6.9.0/7.0
- June 20, 2006 - A lack of checks for setuid() failures when invoked by a privileged process (e.g., X server, xdm, xterm, if installed setuid or setgid) may cause the process to execute certain privileged operations (file access) as root while it was intended to be executed with a less privileged effective user ID, on systems where setuid() called by root can fail. This can be used by a malicious local user to overwrite files and possibly elevate privileges in some corner cases.
Please see the advisory for more information. Patches are available for 6.8.2, 6.9.0, 7.0 and 7.1.
May 2, 2006 - A security vulnerability has been found in the X.Org server as shipped with X11R6.8.x, X11R6.9.0 and X11R7.0 (xorg-server 1.0.x) -- this is CVE-2006-1526. Clients authorized to connect to the X server are able to crash it and to execute malicious code within the X server.
Please see the advisory for more information. Patches are available for 6.8.2, 6.9.0 and 7.0.
March 20, 2006 - A security vulnerability has been found in the X.Org server as shipped with X11R6.9.0 and X11R7.0 (xorg-server 1.0.0 and 1.0.1) -- this is CVE-2006-0745. Local users were able to escalate privileges to root and cause a DoS if the Xorg server was installed setuid root (the default). Note that earlier releases are not vulnerable.
Please see the advisory for more information. Patches are available for 6.9.0 and 7.0. If you are running X11R7.0, you can upgrade xorg-server to 1.0.2 or later (release announcement).
X.Org 6.8.2
September 12, 2005 - Due to missing range checks for the pixel size of the pixmap subsequent pixmap read/write functions can access memory outside of the allocated pixmap by any X client that can connect to the affected X server. This way any user having access to the server can access memory that is accessible from within the X server and/or crash the server. The CVE number for these vulnerabilities is CAN-2005-2495. A patch against 6.8.2 is available.
X.Org 6.8.1
November 17, 2004 - X.Org was made aware of additional security vulnerability in libXpm, the X Pixmap library, which is shipped as part of the X Window System. The affected library is used in many popular application for image viewing and manipulation. The Common Vulnerabilities and Exposures (CVE) project has assigned the name CAN-2004-0914 to these issues. Patches are provided for 6.8.0 and 6.8.1. The problem is fixed in 6.8.2 and later.
X.Org 6.8.0
September 15, 2004 - A security vulnerability has been found in libXpm, the X pixmap library which is shipped as part of the X Window System. Please check here for further information. This problem has been fixed in 6.8.1. We also provide a patch for 6.8.0 and earlier.
X11R6.6 and older
This is not a complete listing of older security issues, just those discovered more recently
July 24, 2012 - CVE-2012-1699: A vulnerability has been found in the X11R6 font server code in the handling of the SetEventMask request in xfs which can lead to either denial of service or a leak of information from the xfs process address space.
Please see the advisory for more information. Patch is included in the advisory.
Fix is included in XFree86 3.3.3 and later, and X.Org X11R6.7 and later.