Mailinglist Archive: opensuse-security (260 mails)

< Previous Next >
Re: [suse-security] XFree86 4.0 local buffer overflow
  • From: "Fred A. Miller" <fm@xxxxxxxxxxx>
  • Date: Mon, 17 Jul 2000 18:43:40 -0400
  • Message-id: <39738C1C.9CF84228@xxxxxxxxxxx>
devel@xxxxxxxxxxx wrote:
>
> Hello Mr. M,
>
> Let me jump in here for a moment.
>
> On Fri, 14 Jul 2000, Mr. M wrote:
>
> > > XFree86 4.0 local buffer overflow
> > >
> > > FreeBSD has released updated packages that detail a local buffer
> > > overflow in XFree86 version 4.0. The vulnerability lets a local attacker
> > > gain root privileges.
> > >
> > > Updated FreeBSD packages:
> >
> > I might be missing something here but what does FreeBSD have to do with SuSE
> > Linux or Linux at all?
> >
> > FreeBSD is BSD UNIX not Linux.
> >
> > XFree86 has nothing to do with the FreeBSD team.
>
> If I'm not mistaken, the same sources for XFree86 are compiled
> in Linux as in FreeBSD. So if the FreeBSD people are reporting
> a "local buffer overload" in XFree86 4.0, this may also affect
> people who are using the SuSE version of it. If so, they may be
> giving SuSE the jump on patching their version early, before the
> "exploits" come out, and giving *us* a heads up that there may
> be an updated version of XFree86 4.0 from SuSE, hopefully soon.
>
> If this is correct, I thank Fred A. Miller for telling us.

I reasoned that it's the same code base, and if so, then great. If not,
sorry for the alert, but I didn't want to wait for confirmation.

Fred

--
----/ / _ Fred A. Miller
---/ / (_)__ __ ____ __ Systems Administrator
--/ /__/ / _ \/ // /\ \/ / Cornell Univ. Press Services
-/____/_/_//_/\_,_/ /_/\_\ fm@xxxxxxxxxxx


< Previous Next >
References