buffer overflow in XFree
bdubbs at swbell.net
Tue Sep 2 07:17:35 PDT 2003
Jochen Schroeder wrote:
> Dan Osterrath wrote:
>> For those of you using still xfs theres an possible buffer overflow
>> in the XFree font libraries.
>> The fix is to disable the SUID bit for XFree but I think this is
>> realls bad as you can't access some devices and some files anymore
>> which makes XFree slow. (Remember the discussion bout /tmp/.ICE-unix)
>> So disabling xfs and using the internal font rendering engine might
>> be a better fix.
> Kelledin backported a fix from cvs,it can be found on the patches list.
I don't see a recent fix at
ftp://ftp.xfree86.org/pub/XFree86/4.3.0/fixes. The only fix is dated
May 10th, and that's in BLFS now. BTW, the patches directory are for
upgrading from 4.2.
More information about the lfs-security