An ancient kernel hole in Linux, present since 2003, was recently closed after constant nagging and repeated bug reports. The problem was that the X server uses a huge stack, which has a good chance of running into adjacent heap memory.
The same vulnerability had been cited earlier and was brought to the notice of the Linux security team a number of times, but they turned a deaf ear to it each time. Only recently have they taken it seriously, and Torvalds has finally fixed the bug. However, the bugfix itself requires a further fix, and the complete change will appear in the next stable update of the Linux kernel. As for those running a development version, it is available for download here.
Torvalds has implemented a guard between the stack and the heap so that the stack does not overrun the heap memory in any case. However, people everywhere are frowning upon the two months it took to fix this problem after the first citation and the first formal report. Linux has been held in high esteem for its security, and this matter has already earned Linux a bad name.
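The effect of such a guard can be modeled in user space. The following C program is an added example, not the kernel patch and not code from the original article; it assumes a constructed three-page layout ("heap" page, gap page, downward-growing "stack" page), and `overrun_result` and its constants are hypothetical names.

```c
#define _DEFAULT_SOURCE
#include <stdio.h>
#include <sys/mman.h>
#include <sys/wait.h>
#include <unistd.h>

enum { OVERRUN_ERROR = -1, OVERRUN_CORRUPTED = 1, OVERRUN_TRAPPED = 2 };

/* Constructed layout, three adjacent pages, lowest address first:
 *   [ "heap" ][ gap ][ "stack" ]      (the stack grows downward)
 * with_guard != 0 makes the gap page inaccessible (PROT_NONE);
 * otherwise the gap is simply more stack sitting right above the heap. */
int overrun_result(int with_guard)
{
    long pg = sysconf(_SC_PAGESIZE);
    size_t len = 3 * (size_t)pg;
    unsigned char *base = mmap(NULL, len, PROT_READ | PROT_WRITE,
                               MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (base == MAP_FAILED)
        return OVERRUN_ERROR;
    if (with_guard && mprotect(base + pg, (size_t)pg, PROT_NONE) != 0) {
        munmap(base, len);
        return OVERRUN_ERROR;
    }
    pid_t pid = fork();
    if (pid == 0) {                    /* child plays the overgrown process */
        volatile unsigned char *heap = base;
        volatile unsigned char *sp = base + len;      /* top of the stack */
        heap[pg - 1] = 0xAA;           /* heap byte closest to the stack */
        for (long used = 0; used < 2 * pg + 64; used++)
            *--sp = 0x41;              /* stack grows 64 bytes too far */
        _exit(heap[pg - 1] == 0xAA ? 0 : 42);         /* 42: heap overwritten */
    }
    int status = 0, rc = OVERRUN_ERROR;
    if (pid > 0 && waitpid(pid, &status, 0) == pid) {
        if (WIFSIGNALED(status))       /* killed on touching the guard page */
            rc = OVERRUN_TRAPPED;
        else if (WIFEXITED(status) && WEXITSTATUS(status) == 42)
            rc = OVERRUN_CORRUPTED;    /* overrun went unnoticed */
    }
    munmap(base, len);
    return rc;
}

int main(void)
{
    printf("no guard: %d, guard: %d\n", overrun_result(0), overrun_result(1));
    return 0;
}
```

Without the guard the child exits normally with its heap byte overwritten; with the guard the same growth ends in a fault before the heap is reached.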
Keith Packard, an X.org hacker, was also working on a fix for this, but his code was rejected by Torvalds as it violated some internal VM rules. The vulnerability was of an extremely serious nature. As Rutkowska puts it:
"While it isn’t a direct remote exploit, it only takes one vulnerable X client (web browser, PDF viewer, etc.) to turn it into something that is remotely exploitable."