aru Posted February 13, 2004 Report Share Posted February 13, 2004 MandrakeSoft Security Advisory MDKSA-2004:012 : XFree86 February 14th, 2004 Updated XFree86 packages fix buffer overflow vulnerabilities Two buffer overflow vulnerabilities were found by iDEFENSE in XFree86's parsing of the font.alias file. The X server, which runs as root, fails to check the length of user-provided input; as a result a malicious user could craft a malformed font.alias file causing a buffer overflow upon parsing, which could eventually lead to the execution of arbitrary code. Additional vulnerabilities were found by David Dawes, also in the reading of font files. The updated packages have a patch from David Dawes to correct these vulnerabilities. The released versions of Mandrake GNU/Linux affected are: 9.0 9.1 9.2 9.2/AMD64 Corporate Server 2.1 Full information about this advisory, including the updated packages, is available at: www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:012 Other references: http://cve.mitre.org/cgi-bin/cvename.cgi?n...e=CAN-2004-0083 http://cve.mitre.org/cgi-bin/cvename.cgi?n...e=CAN-2004-0084 http://cve.mitre.org/cgi-bin/cvename.cgi?n...e=CAN-2004-0106 Posted automatically by aru (mdksec2mub v0.0.8) Link to comment Share on other sites More sharing options...
Recommended Posts