buffer overflow in XFree
jschrod at uni-muenster.de
Tue Sep 2 03:45:36 PDT 2003
Bruce Dubbs wrote:
> Jochen Schroeder wrote:
>> Dan Osterrath wrote:
>>> For those of you using still xfs theres an possible buffer overflow
>>> in the XFree font libraries.
>>> The fix is to disable the SUID bit for XFree but I think this is
>>> realls bad as you can't access some devices and some files anymore
>>> which makes XFree slow. (Remember the discussion bout /tmp/.ICE-unix)
>>> So disabling xfs and using the internal font rendering engine might
>>> be a better fix.
>> Kelledin backported a fix from cvs,it can be found on the patches list.
> I don't see a recent fix at
> ftp://ftp.xfree86.org/pub/XFree86/4.3.0/fixes. The only fix is dated
> May 10th, and that's in BLFS now. BTW, the patches directory are for
> upgrading from 4.2.
> -- Bruce
Sorry I wasn't clear enough I meant patches at linuxfromscratch.org, so it
is not an official patch.
More information about the lfs-security