Debian NOT vulnerable to recently-announced Xlib security flaw

To: security@debian.org
Cc: debian-x@lists.debian.org
Subject: Debian NOT vulnerable to recently-announced Xlib security flaw
From: Branden Robinson <branden@debian.org>
Date: Thu, 5 Sep 2002 11:44:54 -0500
Message-id: <[🔎] 20020905164454.GQ26297@deadbeast.net>
Mail-followup-to: security@debian.org, debian-x@lists.debian.org

Greetings, friendly security folks.

I've put some info up on the X Strike Force page about the recently
announced Xlib flaw in XFree86 4.2.0.

Please feel free to refer any panicked inquiries to
http://people.debian.org/~branden/

I'm also happy to update my page with more information as it comes in.

At first glance I'm not sure how to exploit this bug, and David Dawes
didn't come right out and explain, but my initial guess is that you have
to code a malicious Xlib internationalization module, put it in the
right place, and wait for a privileged X client to execute.

-- 
G. Branden Robinson                |    I'm sorry if the following sounds
Debian GNU/Linux                   |    combative and excessively personal,
branden@debian.org                 |    but that's my general style.
http://people.debian.org/~branden/ |    -- Ian Jackson

Attachment: pgpbs_GImDpyq.pgp
Description: PGP signature

Reply to:

Follow-Ups:
- Re: Debian NOT vulnerable to recently-announced Xlib security flaw
  - From: "Mike A. Harris" <mharris@redhat.com>

Prev by Date: Re: XFree86 4.2.1 update release and Xlib security problem (fwd)
Next by Date: Re: X 4.2 pre1v4 + Xinerama + Gatos
Previous by thread: Re: XFree86 4.2.1 update release and Xlib security problem (fwd)
Next by thread: Re: Debian NOT vulnerable to recently-announced Xlib security flaw
Index(es):
- Date
- Thread