buffer overflow in XFree

Jochen Schroeder jschrod at uni-muenster.de
Tue Sep 2 03:45:36 PDT 2003


Bruce Dubbs wrote:
> Jochen Schroeder wrote:
> 
>> Dan Osterrath wrote:
>>
>>> For those of you using still xfs theres an possible buffer overflow 
>>> in the XFree font libraries.
>>>
>>> http://www.securityfocus.com/archive/1/335592
>>>
>>> The fix is to disable the SUID bit for XFree but I think this is 
>>> realls bad as you can't access some devices and some files anymore 
>>> which makes XFree slow. (Remember the discussion bout /tmp/.ICE-unix) 
>>> So disabling xfs and using the internal font rendering engine might 
>>> be a better fix.
>>>
>>>
>> Kelledin backported a fix from cvs,it can be found on the patches list. 
> 
> 
> I don't see a recent fix at 
> ftp://ftp.xfree86.org/pub/XFree86/4.3.0/fixes.  The only fix is dated 
> May 10th, and that's in BLFS now. BTW, the patches directory are for 
> upgrading from 4.2.
>  -- Bruce
> 
Sorry I wasn't clear enough I meant patches at linuxfromscratch.org, so it 
is not an official patch.
Cheers
Jochen




More information about the lfs-security mailing list