
Bug#4332: Vulnerability in the Xt library (fwd)



On Thu, 29 Aug 1996, Marek Michalkiewicz wrote:

> Package: xlib
> Version: 3.1.2-7
> 
> It seems there is a buffer overrun in libXt, which may be a security
> hole (some programs using libXt, such as xterm, are setuid root).
> I haven't tried to exploit it, but xterm -fg very_long_string
> segfaults, so it might be exploitable (stack overwrite).  See the
> attached message (which appeared on the bugtraq list) for a patch.

I'm currently trying to clear some of Steve Early's backlog of X
package bugs; this'll be among them (though it may be a while longer
before the packages get converted to the new source format.)

(S)


