buffer overflow in XFree

Jochen Schroeder jschrod at uni-muenster.de
Mon Sep 1 21:38:16 PDT 2003


Dan Osterrath wrote:
> For those of you using still xfs theres an possible buffer overflow in the 
> XFree font libraries.
> 
> http://www.securityfocus.com/archive/1/335592
> 
> The fix is to disable the SUID bit for XFree but I think this is realls bad as 
> you can't access some devices and some files anymore which makes XFree slow. 
> (Remember the discussion bout /tmp/.ICE-unix) So disabling xfs and using the 
> internal font rendering engine might be a better fix.
> 
> 
Kelledin backported a fix from cvs,it can be found on the patches list.

Cheers
Jochen




More information about the lfs-security mailing list