Greetings, friendly security folks.

I've put some info up on the X Strike Force page about the recently announced Xlib flaw in XFree86 4.2.0. Please feel free to refer any panicked inquiries to

http://people.debian.org/~branden/

I'm also happy to update my page with more information as it comes in.

At first glance I'm not sure how to exploit this bug, and David Dawes didn't come right out and explain, but my initial guess is that you have to code a malicious Xlib internationalization module, put it in the right place, and wait for a privileged X client to execute.

--
G. Branden Robinson                |    I'm sorry if the following sounds
Debian GNU/Linux                   |    combative and excessively personal,
branden@debian.org                 |    but that's my general style.
http://people.debian.org/~branden/ |    -- Ian Jackson