----- Forwarded message from David Dawes <dawes@rf900.physics.usyd.edu.au> -----

Received: from apocalypse.sequitur.org (branden@apocalypse.sequitur.org [192.168.1.1])
	by apocalypse.sequitur.org (8.8.8/8.8.8/Debian/GNU) with ESMTP id VAA00630
	for <branden@apocalypse.sequitur.org>; Sun, 19 Jul 1998 21:55:35 -0500
Received: from postoffice.purdue.edu
	by apocalypse.sequitur.org (fetchmail-4.3.9 IMAP)
	for <branden/apocalypse.sequitur.org> (single-drop); Sun, 19 Jul 1998 21:55:45 EST
Received: from debian.novare.net by herald.cc.purdue.edu; Sun, 19 Jul 98 21:52:37 -0500
Received: (qmail 19681 invoked by uid 1155); 20 Jul 1998 02:52:36 -0000
Delivered-To: branden@debian.org
Received: (qmail 19676 invoked from network); 20 Jul 1998 02:52:35 -0000
Received: from x.physics.usyd.edu.au (129.78.129.25)
	by debian.novare.net with SMTP; 20 Jul 1998 02:52:35 -0000
Received: (from daemon@localhost)
	by x.physics.usyd.edu.au (8.8.5/8.8.5) id MAA26123
	for nexus-list@XFree86.Org; Mon, 20 Jul 1998 12:48:59 +1000 (EST)
Received: from rf900.physics.usyd.edu.au (rf900.physics.usyd.edu.au [129.78.129.109])
	by x.physics.usyd.edu.au (8.8.5/8.8.5) with ESMTP id MAA26118
	for <nexus@XFree86.Org>; Mon, 20 Jul 1998 12:48:56 +1000 (EST)
Received: (from dawes@localhost)
	by rf900.physics.usyd.edu.au (8.8.5/8.8.2) id MAA12003;
	Mon, 20 Jul 1998 12:48:55 +1000 (EST)
Message-ID: <19980720124854.E11530@rf900.physics.usyd.edu.au>
Date: Mon, 20 Jul 1998 12:48:54 +1000
From: David Dawes <dawes@rf900.physics.usyd.edu.au>
To: nexus@XFree86.Org
Subject: XFree86 security update
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.91.1i
Reply-To: nexus@XFree86.Org
Errors-To: owner-nexus@XFree86.Org
X-Mailing-List: nexus@XFree86.Org
Sender: owner-nexus@XFree86.Org
X-Note: Send unsubscribe requests to nexus-request@XFree86.Org

XFree86 will be releasing a third public patch for version 3.3.2 in the
next few days.

The main purpose of this patch is to fix some buffer overflows in the X
server font code. The main one of these can be exploited by anyone who
can both create a file on the system running an X server and make a
client connection to an X server that runs as root. This bug is not
XFree86-specific. A fix for the main problem was included in TOG's recent
public patch 2 for X11R6.4 (that patch is freely redistributable).

The patch will include a few other small (non-security) fixes.

The patch release will include a source patch, plus fixed X server
binaries for the platforms we support and a new binary update tarball
containing the other fixed items.

David

----- End forwarded message -----

-- 
G. Branden Robinson                 |  A committee is a life form with six or
Purdue University                   |  more legs and no brain.
branden@purdue.edu                  |  -- Robert Heinlein
http://www.ecn.purdue.edu/~branden/ |
Attachment:
pgpmAv2PHxSXL.pgp
Description: PGP signature