X.Org Server 21.1.12 Update Fixes 4 Vulnerabilities

X.Org Server 21.1.12 and XWayland 23.2.5 have been released as corrective updates. XWayland is the DDX component that runs the X.Org Server to support X11 applications in a Wayland environment. The new X.Org Server release fixes 4 vulnerabilities, one of which allows privilege escalation on systems where the X server runs with root rights, as well as remote code execution in configurations where the X11 session is exposed for remote access.

The other three vulnerabilities can lead to leakage of memory contents or a crash. All three are exploited through a client whose byte order differs from the server's. To address this, the new release adds the ability to block clients that use a different byte order, by disabling the AllowByteSwappedClients configuration option or the "+byteswappedclients" command-line option.

Changing the default value also helps protect against as yet unknown vulnerabilities that manipulate the byte order. Such vulnerabilities stem from a change in how the byte order is interpreted, which causes memory to be read or written in a size larger than the allocated buffer holds.
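As an added illustration of the byte-order problem described above (example code written for this article, not taken from xorg-server): it decodes the X11 request length field in the client's byte order, shows how the same header read in the wrong order yields a length far beyond the received bytes, and applies an admission policy in the spirit of the new default. The protocol constants (the 'B'/'l' setup byte, the 16-bit length in 4-byte units) are standard X11; the sample request is constructed.

```c
#include <stdint.h>
#include <string.h>

/* Byte-order byte sent in the X11 connection setup:
 * 'B' = most significant byte first, 'l' = least significant byte first. */
#define X11_ORDER_MSB_FIRST 0x42
#define X11_ORDER_LSB_FIRST 0x6C

/* Constructed sample: a request from a big-endian client whose length
 * field holds 2 (units of 4 bytes), i.e. an 8-byte request. */
const uint8_t sample_be_request[8] = {0x01, 0x00, 0x00, 0x02, 0, 0, 0, 0};

/* Returns 1 when this host stores the least significant byte first. */
int host_is_little_endian(void) {
    uint16_t probe = 0x0001;
    uint8_t first;
    memcpy(&first, &probe, 1);
    return first == 0x01;
}

/* Admission policy in the spirit of the new default: a client whose byte
 * order differs from the server's is refused unless byte-swapped clients
 * are explicitly allowed (AllowByteSwappedClients / +byteswappedclients). */
int accept_client(uint8_t order_byte, int allow_byte_swapped) {
    if (order_byte != X11_ORDER_LSB_FIRST && order_byte != X11_ORDER_MSB_FIRST)
        return 0;                               /* malformed setup byte */
    int client_little = (order_byte == X11_ORDER_LSB_FIRST);
    if (client_little == host_is_little_endian())
        return 1;                               /* same order, no swapping */
    return allow_byte_swapped;
}

/* Decode the 16-bit length field (units of 4 bytes) of an X11 request
 * header in the client's byte order and return the size in bytes. */
size_t x11_request_bytes(const uint8_t hdr[4], int client_msb_first) {
    uint16_t units = client_msb_first
        ? (uint16_t)((hdr[2] << 8) | hdr[3])
        : (uint16_t)((hdr[3] << 8) | hdr[2]);
    return (size_t)units * 4;
}

/* Bounds check the server must make before touching the body: the declared
 * length has to fit within the bytes actually received. Misjudging the byte
 * order turns 2 units into 0x0200 = 512 units (2048 bytes), which is rejected. */
int request_fits(const uint8_t *buf, size_t received, int client_msb_first) {
    if (received < 4)
        return 0;
    size_t declared = x11_request_bytes(buf, client_msb_first);
    return declared >= 4 && declared <= received;
}
```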

Although support for clients with a different byte order is retained by default, the practical need for byte order conversion is minimal: the machines running the X server typically have little-endian processors (least significant byte first), while connecting X clients from big-endian platforms such as s390x (IBM Z systems) is rare.

With these problems fixed, the new X.Org Server version offers improved security and stability for users running X11 applications in a Wayland environment.
