Re: Security concerns (Was Re: XQuartz quextion)
- Subject: Re: Security concerns (Was Re: XQuartz quextion)
- From: Robert T Wyatt <email@hidden>
- Date: Sun, 25 Nov 2007 08:37:08 -0600
- Organization: The University of Texas at Austin
Jeremy Huddleston wrote:
Now if only someone could make the case that Leopard's Xquartz poses a
security problem...
The fix would appear on softwareupdate within two days. Indeed,
couldn't those regular
Well... see my posting about 1.3a1 and its fixes:
CVE-2007-1003: XC-MISC Extension ProcXCMiscGetXIDList() Memory Corruption
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-1003
Integer overflow in ALLOCATE_LOCAL in the ProcXCMiscGetXIDList function
in the XC-MISC extension in the X.Org X11 server (xserver) 7.1-1.1.0,
and other versions before 20070403, allows remote authenticated users to
execute arbitrary code via a large expression, which results in memory
corruption.
so... yeah... there you go...
Get 1.3a1 which fixes this here:
http://people.freedesktop.org/~jeremyhu/x11-apple/releases/1.3a1/
I haven't updated the wiki because I don't want it to appear as though
Ben and I are forking off each other by having different distribution
sites. We're working on a way to have a single location for releases.
In the meantime, just grab the files from my space there.
--Jeremy
Jeremy,
Is 1.3a1 the one that is picked up by your script?
Thanks,
Robert
X11-users mailing list (email@hidden)
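
The CVE-2007-1003 description quoted in the thread names an integer overflow in an allocation size. The following is an added example, not part of the original thread and not X.Org source code, showing that bug class next to the bounds check that prevents it. It assumes a 4-byte ID type and 32-bit size arithmetic; `xid_t`, `unchecked_bytes`, `checked_bytes` and `handle_id_list_request` are hypothetical names.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

typedef uint32_t xid_t;             /* assumption: 4-byte resource ID */
enum { REQ_OK = 0, REQ_BAD_ALLOC = 1 };

/* Flawed pattern: 32-bit size arithmetic wraps silently for large counts,
 * so the allocation ends up far smaller than the count implies. */
uint32_t unchecked_bytes(uint32_t count)
{
    return count * (uint32_t)sizeof(xid_t);
}

/* Hardened pattern: reject any count whose byte size does not fit. */
int checked_bytes(uint32_t count, uint32_t *bytes)
{
    if (count > UINT32_MAX / sizeof(xid_t))
        return 0;
    *bytes = count * (uint32_t)sizeof(xid_t);
    return 1;
}

/* Hypothetical request handler: validate the client-supplied count
 * before allocating and filling the ID list. */
int handle_id_list_request(uint32_t count)
{
    uint32_t bytes;
    xid_t *ids;

    if (!checked_bytes(count, &bytes))
        return REQ_BAD_ALLOC;
    ids = malloc(bytes ? bytes : 1);
    if (ids == NULL)
        return REQ_BAD_ALLOC;
    for (uint32_t i = 0; i < count; i++)
        ids[i] = i;                 /* stays within the allocation */
    free(ids);
    return REQ_OK;
}

int main(void)
{
    uint32_t big = 0x40000001u;     /* constructed sample count */
    printf("unchecked size: %u bytes\n", (unsigned)unchecked_bytes(big));
    printf("status (large count): %d\n", handle_id_list_request(big));
    printf("status (16 IDs): %d\n", handle_id_list_request(16));
    return 0;
}
```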