XFree86-4.3.0 Xft vulnerability patch
kelledin+BLFS at skarpsey.dyndns.org
Sun Aug 31 11:30:27 PDT 2003

"blemix" <blemux at hush.com> recently reported a series of integer
overflow vulnerabilities in XFree86 4.3.0 to the
bugtraq at securityfocus.com mailing list. Primarily these are
integer overflow errors which in certain configurations could
lead to the X server executing arbitrary code.

The bugs are (at least partially) fixed in XFree86-CVS. A couple
of comments in the code suggest that they're not completely
fixed--I'm watching the XFree86 CVS commits, so I'll probably
know if further fixes come down the pipe. In the meantime I
took the liberty of backporting the incremental diffs from CVS
and creating a patch that applies to both XFree86 4.3.0 and
220.127.116.11. So far all I can say is, "it compiles, and it _seems_
The patch can be found at
attached to this message).

"If a server crashes in a server farm and no one pings it, does
it still cost four figures to fix?"
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 2880 bytes
Desc: not available