[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Debian NOT vulnerable to recently-announced Xlib security flaw

Greetings, friendly security folks.

I've put some info up on the X Strike Force page about the recently
announced Xlib flaw in XFree86 4.2.0.

Please feel free to refer any panicked inquiries to

I'm also happy to update my page with more information as it comes in.

At first glance I'm not sure how to exploit this bug, and David Dawes
didn't come right out and explain, but my initial guess is that you have
to code a malicious Xlib internationalization module, put it in the
right place, and wait for a privileged X client to execute.

G. Branden Robinson                |    I'm sorry if the following sounds
Debian GNU/Linux                   |    combative and excessively personal,
branden@debian.org                 |    but that's my general style.
http://people.debian.org/~branden/ |    -- Ian Jackson

Attachment: pgpbs_GImDpyq.pgp
Description: PGP signature

Reply to: