OpenBSD Journal

Security Fix 008 for 3.5-stable: xdm

Contributed by grey on from the almost overlooked a patch dept.

Thanks to an anonymous reader who pointed out a fix we had overlooked:

008: SECURITY FIX: May 26, 2004
With the introduction of IPv6 code in xdm(1), one test on the 'requestPort' resource was deleted by accident. This makes xdm create the chooser socket even if xdmcp is disabled in xdm-config, by setting requestPort to 0. See XFree86 bugzilla for details.
A source code patch exists which remedies this problem.

Update: thanks to Brad Smith for pointing out that this issue does not affect 3.4.

(Comments are closed)

  1. By Brad ( brad at comstyle dot com on

    XFree86 (4.3) that comes with OpenBSD 3.4 is not affected by this issue since the IPv6 integration happened between (XFree86) 4.3 and 4.4.

    1. By Anonymous Coward ( on

      you are going to Hell for your crimes. -Gandhi

      1. By Anonymous Coward ( on

        eh ?


Copyright © - Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to as well as images and HTML templates were copied from the fabulous original with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]