Mailinglist Archive: opensuse-security (260 mails)

< Previous Next >
RE: [suse-security] XFree86 4.0 local buffer overflow
  • From: devel@xxxxxxxxxxxxxxxxxx
  • Date: Fri, 14 Jul 2000 21:07:14 -0700 (PDT)
  • Message-id: <Pine.LNX.4.21.0007142050440.4539-100000@xxxxxxxxxxxxxxxxxx>
Hello Mr. M,

Let me jump in here for a moment.

On Fri, 14 Jul 2000, Mr. M wrote:

> > XFree86 4.0 local buffer overflow
> >
> > FreeBSD has released updated packages that detail a local buffer
> > overflow in XFree86 version 4.0. The vulnerability lets a local attacker
> > gain root privileges.
> >
> > Updated FreeBSD packages:
> I might be missing something here but what does FreeBSD have to do with SuSE
> Linux or Linux at all?
> FreeBSD is BSD UNIX not Linux.
> XFree86 has nothing to do with the FreeBSD team.

If I'm not mistaken, the same sources for XFree86 are compiled
in Linux as in FreeBSD. So if the FreeBSD people are reporting
a "local buffer overload" in XFree86 4.0, this may also affect
people who are using the SuSE version of it. If so, they may be
giving SuSE the jump on patching their version early, before the
"exploits" come out, and giving *us* a heads up that there may
be an updated version of XFree86 4.0 from SuSE, hopefully soon.

If this is correct, I thank Fred A. Miller for telling us.

Best regards,

Ken Parker

< Previous Next >
Follow Ups