Ademar de Souza Reis Jr.
2002-10-02 21:27:12 UTC
Hello everyone.
I didn't see fixes for the MIT-SHM vulnerability from any vendor besides
the Caldera update for XFree86-4.1.2 from March:
http://old.lwn.net/alerts/Caldera/CSSA-2002-009.0.php3
The point is that, as far as I can understand, even that fix is not
complete, as stated in the XFree86 security page:
(http://www.xfree86.org/security/)
* The MIT-SHM update in 4.2.1 is incomplete as the case where the X
server is started from xdm was not handled. A more complete fix from
the XFree86 trunk has been committed to the xf-4_2-branch branch.
A source patch against 4.2.1 is available on the XFree86 FTP site.
So, any vendor planning a (new) release for this vulnerability?
Or maybe someone released something and I'm blind?
Anyway, the new patch mentioned definetely fails to apply in 4.0.3.
I didn't investigate it and if someone is working on it, please tell me
(otherwise I'll do it by myself :-).
Still talking about XFree86, I didn't see advisories/fixes from all vendors
(except SuSE, IIRC) for the xlib i18n local vulnerability... Any special
reason for this delay?
I don't know if it's just my feeling, but looks like everyone is "afraid" of
updating XFree86 :-). The MIT-SHM and the xlib i18n vulns sound very dangerous
to me, and I remember an old issue about using large fonts to cause
a serious DoS (mozilla was a vector for the attack - it's fixed already -, but
I tested it using other browsers as well) which is still unfixed.
http://web.lemuria.org/security/mozilla-dos.html
http://www.theregister.co.uk/content/55/25689.html
Any comments?
Thanks.
I didn't see fixes for the MIT-SHM vulnerability from any vendor besides
the Caldera update for XFree86-4.1.2 from March:
http://old.lwn.net/alerts/Caldera/CSSA-2002-009.0.php3
The point is that, as far as I can understand, even that fix is not
complete, as stated in the XFree86 security page:
(http://www.xfree86.org/security/)
* The MIT-SHM update in 4.2.1 is incomplete as the case where the X
server is started from xdm was not handled. A more complete fix from
the XFree86 trunk has been committed to the xf-4_2-branch branch.
A source patch against 4.2.1 is available on the XFree86 FTP site.
So, any vendor planning a (new) release for this vulnerability?
Or maybe someone released something and I'm blind?
Anyway, the new patch mentioned definetely fails to apply in 4.0.3.
I didn't investigate it and if someone is working on it, please tell me
(otherwise I'll do it by myself :-).
Still talking about XFree86, I didn't see advisories/fixes from all vendors
(except SuSE, IIRC) for the xlib i18n local vulnerability... Any special
reason for this delay?
I don't know if it's just my feeling, but looks like everyone is "afraid" of
updating XFree86 :-). The MIT-SHM and the xlib i18n vulns sound very dangerous
to me, and I remember an old issue about using large fonts to cause
a serious DoS (mozilla was a vector for the attack - it's fixed already -, but
I tested it using other browsers as well) which is still unfixed.
http://web.lemuria.org/security/mozilla-dos.html
http://www.theregister.co.uk/content/55/25689.html
Any comments?
Thanks.
--
Ademar de Souza Reis Jr. <ademar-KCZ47A4bww4P48s/***@public.gmane.org>
^[:wq!
Ademar de Souza Reis Jr. <ademar-KCZ47A4bww4P48s/***@public.gmane.org>
^[:wq!