X.Org Server 21.1.22 has been released to address five newly disclosed security vulnerabilities found by the TrendAI Zero Day Initiative. The issues include an XKB integer underflow, multiple XKB out-of-bounds reads, an XSYNC use-after-free, and an XKB buffer overflow — primarily enabling reads of uninitialized memory. Some vulnerabilities trace back to X11R6.6, while others were introduced in more recent versions. XWayland 24.1.10 is also available. The release highlights the ongoing security challenges of the aging, minimally maintained X.Org codebase.
Sort: