Security concerns (Was Re: XQuartz quextion)
Security concerns (Was Re: XQuartz quextion)
- Subject: Security concerns (Was Re: XQuartz quextion)
- From: Jeremy Huddleston <email@hidden>
- Date: Sun, 25 Nov 2007 01:17:57 -0800
Now if only someone could make the case that Leopard's Xquartz poses
a security problem...
The fix would appear on softwareupdate within two days. Indeed,
couldn't those regular
Well... see my posting about 1.3a1 and its fixes:
CVE-2007-1003: XC-MISC Extension ProcXCMiscGetXIDList() Memory
Corruption
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-1003
Integer overflow in ALLOCATE_LOCAL in the ProcXCMiscGetXIDList
function in the XC-MISC extension in the X.Org X11 server (xserver)
7.1-1.1.0, and other versions before 20070403, allows remote
authenticated users to execute arbitrary code via a large expression,
which results in memory corruption.
so... yeah... there you go...
Get 1.3a1 which fixes this here: http://people.freedesktop.org/~jeremyhu/x11-apple/releases/1.3a1/
I haven't updated the wiki because I don't want it to appear as though
Ben and I are forking off eachother by having different distribution
sites. We're working on a way to have a single location for
releases. In the mean time, just grab the files from my space there.
--Jeremy
_______________________________________________
Do not post admin requests to the list. They will be ignored.
X11-users mailing list (email@hidden)
This email sent to email@hidden