X.Org: CVE-2024-9632 critical: local privilege escalation risk
Fellow Linux admins-
When a security researcher in the open source community discovers a vulnerability, it's very important that they follow responsible disclosure best practices. We rely very heavily on responsible researchers who disclose vulnerabilities through proper channels, allowing developers to address issues before they are publicly exposed.
Recently a vuln in the X.org server was discovered that apparently existed for decades. Security researchers communicated the details of the vulnerability to the X.Org developers privately, providing them with the necessary time to develop and release patches in the form of xorg-server-21.1.14 and Xwayland-24.1.4.
This is how it's supposed to work. Be sure to update your Linux machines to patch this vulnerability, but also give thanks to the open source security experts for doing it the right way.
Want to know more about responsible disclosure? Let us know at @lnxsec and I'll write up something to share my 30 years of Linux security experience.
You'll also learn about 17 security bugs recently found in Chromium that could enable attackers to gain complete control of your systems and steal sensitive data.
If you found value in today’s newsletter, please share it with your friends! Do you have a Linux security-related topic you'd like to cover for our audience? We welcome contributions from passionate, insightful community members who share our love for Linux and security!
Stay safe out there,

X.OrgThe DiscoveryX.Org, one of the most ubiquitous display servers within the Linux ecosystem, has disclosed an 18-year-old local privilege escalation vulnerability that has been within its code base since 2006. |
ChromiumThe DiscoverySeventeen security bugs were recently found in Chromium, the open-source browser project that is the basis for Google Chrome, including a high-severity use-after-free flaw in Chrome's AI component (CVE-2024-9954). |


