The XMir Security Issue Should Now Be Resolved

Written by Michael Larabel in Ubuntu on 23 August 2013 at 05:11 PM EDT. 13 Comments
UBUNTU
Yesterday we passed along news of an XMir security issue where using Canonical's X11 transition layer in communicating with the Mir display server, when performing a VT switch the XMir session can still read input from devices. Fortunately, this issue looks to now be resolved.

This XMir security issue is rather pressing since when doing a VT switch, the XMir session could still read usernames/passwords and other information when logging into a virtual terminal.

With Mir's revision 1003 as of hours ago, focus notifications are now sent to the client that should workaround this security issue. Expect new Mir packages to appear in the Ubuntu 13.10 repository in due time. We're also waiting on more Mir features to land ahead of the Ubuntu 13.10 feature freeze next week.
13 Comments
Related News
Ubuntu 24.04 Supports Easy Installation Of OpenZFS Root File-System With Encryption
Ubuntu 24.04 Beta Now Available For Testing
Ubuntu Maker Canonical Announces New Collaboration With Qualcomm
Canonical Announces Ubuntu Pro For Devices
Netplan 1.0 Is Ready To Go For Ubuntu 24.04 LTS
Ubuntu 24.04 Beta Delayed Due To XZ Nightmare
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week
Linus Torvalds Injects Tabs To Thwart Kconfig Parsers Not Correctly Handling Them
Linux 6.10 To Merge NTSYNC Driver For Emulating Windows NT Synchronization Primitives
Fedora 41 Looks To "-O3" Optimizations For Its Python Build
Former Nouveau Lead Developer Joins NVIDIA, Continues Working On Open-Source Driver
APT 2.9 Released: Debian's APT 3.0 To Have A New UI With Colors, Columnar Display & More
KDE's KWin Merges Wayland Explicit Sync Support
Open-Source Radeon Driver Enables Support For Vulkan Video H.264/H.265 Encode
Rust-Written LAVD Kernel Scheduler Shows Promising Results For Linux Gaming