buffer overflow in XFree

Bruce Dubbs bdubbs at swbell.net
Tue Sep 2 07:17:35 PDT 2003

Jochen Schroeder wrote:

> Dan Osterrath wrote:
>> For those of you still using xfs, there's a possible buffer overflow 
>> in the XFree font libraries.
>> http://www.securityfocus.com/archive/1/335592
>> The fix is to disable the SUID bit for XFree but I think this is 
>> really bad as you can't access some devices and some files anymore 
>> which makes XFree slow. (Remember the discussion about /tmp/.ICE-unix) 
>> So disabling xfs and using the internal font rendering engine might 
>> be a better fix.
> Kelledin backported a fix from cvs, it can be found on the patches list.

I don't see a recent fix at 
ftp://ftp.xfree86.org/pub/XFree86/4.3.0/fixes.  The only fix is dated 
May 10th, and that's in BLFS now. BTW, the patches directory is for 
upgrading from 4.2.
  -- Bruce
