Phoronix Still Acting Like the Sky is Falling for X11 (Wayland Far More Troublesome)
Reprinted with permission from Ryan Farmer.
And now for a bad lip reading regarding the latest “X11 security incident”.
“Hello, I have been using Google Chrome on my multi-CRT setup on a computer from 1999. I am very concerned that attack code will try to exploit a use after free in Xvfb while I use Zaphod heads.”
“May I speak to the manager?”
😀
I’m honestly surprised that anyone is even looking for bugs that are this uninteresting.
No doubt, if they are found they should be fixed. Again, the fixes are not a dramatic overhaul of anything. They boil down to a few lines of code being altered.
I do have to wonder why Trend Micro (a Windows “security” huckster) is looking for crap like this in X11.
Maybe so that “news” sites like Moronix can continue posting about “Linux security problems”.
Microsoft likes this. They benefit from the misdirection.
Microsoft is obviously paying some sites to ham it up as a distraction from constant actual Windows and Azure data breaches where people make off with everything from your banking and healthcare data, to things that are impossible to fix, like your Social Security numbers and credit files.
The realfact (I’m a realfact kind of guy.) shows that Microsoft is too dangerous to actually use or trust anywhere that data security is actually important.
Quite often these “Linux bugs” are not bugs in Linux itself, but rather anything “open source”, often stuff that’s widely used on Windows, or even a part of Windows, or in the “Corrupted Linux” called WSL, which they have extended like the Microsoft Java VM, so they’re not even Linux programs anymore if you build them that way.
The fact that “security researchers” keep finding so many bugs that are only barely important tells me that someone has an agenda. Who pays people to sit down and find trivialities? I wonder.
What to do about these X11 bugs?
Well Debian has already issued an updated set of Xorg packages. Just install them and restart X11. Big whoop.
Honestly, it’s hard to tell how this would even be exploitable, but you should always patch things ASAP.
The same media going on about this doesn’t ever talk about 30-40 emergency vulnerabilities every month in Microsoft Edge, Google Chrome, or Firefox. █