
Re: [suse-security] SUSE Security Announcement: xf86/XFree86 (SuSE-SA:2004:006)



On Tue, 24 Feb 2004, Frank Steiner wrote:

> Hi,

Hi.

 
> Thomas Biege wrote:
> 
> > 
> >                         SUSE Security Announcement
> > 
> >         Package:                xf86/XFree86
> >         Announcement-ID:        SuSE-SA:2004:006
> 
> having installed the update on SuSE 8.0, X still crashes using the method
> from http://www.idefense.com/application/poi/display?id=72&type=vulnerabilities&flashstatus=false
> 
> Should that happen?
> 
> cu,
> Frank
> 
> #############
> watson /root/tmp# rpm -q --changelog xf86 | head -n 5

Does this even happen as a non-root user?


> * Thu Feb 12 2004 - thomas@xxxxxxx
> 
> - fixed more buffer overflows in fontfile/ direc (#34296)
> - put together old and new bugs in
>   fontfile-sec_bufferoverflows.diff
> 
> # having the fonts.alias and fonts.dir in tmp/:
> watson /root/tmp# X :0 -fp $PWD
> 
> XFree86 Version 4.2.0 / X Window System
> (protocol Version 11, revision 0, vendor release 6600)
> Release Date: 18 January 2002
>         If the server is older than 6-12 months, or if your card is
>         newer than the above date, look for a newer version before
>         reporting problems.  (See http://www.XFree86.Org/)
> Build Operating System: SuSE Linux [ELF] SuSE
> Module Loader present
> Markers: (--) probed, (**) from config file, (==) default setting,
>          (++) from command line, (!!) notice, (II) informational,
>          (WW) warning, (EE) error, (NI) not implemented, (??) unknown.
> (==) Log file: "/var/log/XFree86.0.log", Time: Tue Feb 24 10:10:34 2004
> (==) Using config file: "/etc/X11/XF86Config"
> 
> Fatal server error:
> Caught signal 4.  Server aborting

The original bug triggered a SIGSEGV (11); this one is a SIGILL (4).
Maybe it just triggered another bug. I'll verify the sources...

Bye,
     Thomas
-- 
  Thomas Biege <thomas@xxxxxxx>, SUSE LINUX AG, Security Support & Auditing
--
# If you have the "driftnet" program installed, webcollage can display a
# collage of images sniffed off your local ethernet, instead of pulled out
# of search engines: in that way, your screensaver can display the images
# that your co-workers are downloading!
                                          -- xscreensaver source-code

