Contributed by jose on from the guarded-against-by-ProPolice dept.
Several buffer overflows exist in the code parsing font.aliases files in XFree86. Thanks to ProPolice, these cannot be exploited to gain privileges, but they can cause the X server to abort. You can find patches here:
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.4/common/012_font.patch
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/017_font.patch
UPDATE: As someone kindly noted, this is a reliability fix according to the OpenBSD website, not a security fix.
By Anonymous Coward () on
Surely this should just be labelled as a reliability issue then?
By Anonymous Coward () on
It is also interesting that NetBSD lists three more unrelated security advisories:
# DNS negative cache poisoning
# NetBSD-SA2003-017 OpenSSL multiple vulnerability
# NetBSD-SA2003-016 Sendmail - another prescan() bug CAN-2003-0694
I suppose we may be patching for these too soon(?) ...
By Christian () on http://www.cschwede.de
By Brad () brad at comstyle dot com on mailto:brad at comstyle dot com
By Anonymous Coward () on
By Anonymous Coward () on
Now, is it normal that the build depends on tcl/tk? No big deal to install it, but just wondering...
Also, is it really necessary to rebuild _everything_ in /usr/XF4?
By Brad () brad at comstyle dot com on mailto:brad at comstyle dot com
By Anonymous Coward () on
For those who, like me, dislike the 'new' colors: the file in which these are defined is:
/etc/X11/app-defaults/XTerm-color
which is copied from:
/usr/XF4/xc/programs/xterm/XTerm-col.ad
Using CVS you can retrieve the 'old' version of this file, and change the colors back.
By Anonymous Coward () on
By Brad () brad at comstyle dot com on mailto:brad at comstyle dot com
By Anonymous Coward () on
I know for sure that files that changed (agpgart support) to get my card working haven't been broken again, so I'm sure this is an X thing.
By Anonymous Coward () on
You can get a lot more information about the complete build process on i386 by reading 'man release' - it's got a really good walk-through of the whole build process from the point of view of preparing a release.