XFree86-4.3.0 Xft vulnerability patch

Kelledin kelledin+BLFS at skarpsey.dyndns.org
Sun Aug 31 11:30:27 PDT 2003

"blemix" <blemux at hush.com> recently reported a series of integer 
overflow vulnerabilities in XFree86 4.3.0 to the 
bugtraq at securityfocus.com mailing list.  Primarily these are 
integer overflow errors which in certain configurations could 
lead to the X server executing arbitrary code.


The bugs are (at least partially) fixed in XFree86-CVS.  A couple 
of comments in the code suggest that they're not completely 
fixed--I'm watching the XFree86 CVS commits, so I'll probably 
know if further fixes come down the pipe.  In the meantime I 
took the liberty of backporting the incremental diffs from CVS 
and creating a patch that applies to both XFree86 4.3.0 and  So far all I can say is, "it compiles, and it _seems_ 
to work."

The patch can be found at 
http://skarpsey.dyndns.org/XFree86-4.3.0-xftfix-1.patch.bz2 (or 
attached to this message).

"If a server crashes in a server farm and no one pings it, does 
it still cost four figures to fix?"
-------------- next part --------------
A non-text attachment was scrubbed...
Name: XFree86-4.3.0-xftfix-1.patch.bz2
Type: application/x-bzip2
Size: 2880 bytes
Desc: not available
URL: <http://lists.linuxfromscratch.org/pipermail/lfs-security/attachments/20030831/35e6b571/attachment.bin>

More information about the lfs-security mailing list