Re: Security concerns (Was Re: XQuartz quextion)
Re: Security concerns (Was Re: XQuartz quextion)
- Subject: Re: Security concerns (Was Re: XQuartz quextion)
- From: Martin Costabel <email@hidden>
- Date: Sun, 25 Nov 2007 11:30:02 +0100
Jeremy Huddleston wrote:
[]
Well... see my posting about 1.3a1 and its fixes:
CVE-2007-1003: XC-MISC Extension ProcXCMiscGetXIDList() Memory Corruption
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-1003
Integer overflow in ALLOCATE_LOCAL in the ProcXCMiscGetXIDList function
in the XC-MISC extension in the X.Org X11 server (xserver) 7.1-1.1.0,
and other versions before 20070403, allows remote authenticated users to
execute arbitrary code via a large expression, which results in memory
corruption.
Wonderful!
Mr. Apple, are you listening?
--
Martin
_______________________________________________
Do not post admin requests to the list. They will be ignored.
X11-users mailing list (email@hidden)
This email sent to email@hidden