Bug#232378: xfree86: XFree86 local expoitable buffer overflow (SECURITY)

To: 232378-submitter@bugs.debian.org
Subject: Bug#232378: xfree86: XFree86 local expoitable buffer overflow (SECURITY)
From: Branden Robinson <branden@debian.org>
Date: Thu, 12 Feb 2004 11:04:52 -0500
Message-id: <[🔎] 20040212160451.GA7903@deadbeast.net>
Reply-to: Branden Robinson <branden@debian.org>, 232378-quiet@bugs.debian.org
In-reply-to: <[🔎] E1ArFC2-0005aA-00@g35.physik.fu-berlin.de>
References: <[🔎] E1ArFC2-0005aA-00@g35.physik.fu-berlin.de>

On Thu, Feb 12, 2004 at 12:39:42PM +0100, Tobias Burnus wrote:
> Package: xfree86
> Severity: serious
> 
> See
> http://www.idefense.com/application/poi/display?id=72&type=vulnerabilities&flashstatus=false
> and existing exploit in
> http://www.securityfocus.com/archive/1/353493/2004-02-09/2004-02-15/0
> 
> the patch is available from
> ftp://ftp.xfree86.org/pub/XFree86/4.3.0/fixes/fontfile.diff

Thanks for the report.

FYI, I have been in touch with the Debian Security Team and folks from
other distribution vendors for several days now regarding this issue.

-- 
G. Branden Robinson                |     I'm not going to waste my precious
Debian GNU/Linux                   |     flash memory with Perl when I can
branden@debian.org                 |     do so much more with it.
http://people.debian.org/~branden/ |     -- Joey Hess

Attachment: signature.asc
Description: Digital signature

Reply to:

References:
- Bug#232378: xfree86: XFree86 local expoitable buffer overflow (SECURITY)
  - From: Tobias Burnus <tobias.burnus@physik.fu-berlin.de>

Prev by Date: Bug#232390: libxrender1: Text end up on the wrong place with dual head
Next by Date: XSF SVN repos and services back up, except for ViewCVS
Previous by thread: Bug#232378: xfree86: XFree86 local expoitable buffer overflow (SECURITY)
Next by thread: Bug#232378: marked as done (xfree86: XFree86 local expoitable buffer overflow (SECURITY))
Index(es):
- Date
- Thread