S-124: XFree86 Security Update


 
01-22-2008

There are several security issues in XFree86:

1) two integer overflow flaws in the XFree86 server's EVI and MIT-SHM modules;
2) a heap-based buffer overflow flaw was found in the way the XFree86 server handled malformed font files;
3) a memory corruption flaw was found in the XFree86 server's XInput extension;
4) an information disclosure flaw was found in the XFree86 server's TOG-CUP extension;
5) integer and heap overflow flaws were found in the X.org font server, xfs; and
6) a flaw was found in the XFree86 server's XC-SECURITY extension.

The risk is MEDIUM. A malicious authorized client could exploit this issue to cause a denial of service (crash) or potentially execute arbitrary code with root privileges on the XFree86 server.


getconfig(1)                  General Commands Manual                  getconfig(1)

NAME
       getconfig - get configuration information for the XFree86 server

SYNOPSIS
       getconfig [option ...]

DESCRIPTION
       getconfig is a programmatic interface that is used by the XFree86
       server to get configuration information about video hardware when
       operating without an XF86Config file.

       This implementation of getconfig is written in perl. It processes a
       prioritized and ordered list of rules supplied internally and from
       meta-configuration files. The rules are in the form of perl
       expressions. getconfig writes to standard output the XF86Config-style
       configuration data specified by the last highest priority rule that
       evaluates to true.

       Information about the format of the meta-configuration files can be
       found in the getconfig(5) manual page.

OPTIONS
       -I search-path
              Specify the search path to use for meta-config files.
              search-path is a comma-separated list of directories to search.
              Each directory in the search path is searched for files with a
              .cfg suffix. Each such file is opened and checked for a valid
              signature string. Rules are read from files with a valid
              signature string and appended to the list of rules to evaluate.
              If no search path is specified, only the internally supplied
              configuration rules will be used.

       -D     Enable debugging output.

       -V     Print out the version information and exit.

       -X XFree86-version
              Specify the XFree86 version in numeric (integer) form.

       -b subsys-id
              Specify the PCI subsystem ID of the video device.

       -c class
              Specify the PCI class of the video device.

       -d device-id
              Specify the PCI device ID of the video device.

       -r revision
              Specify the PCI revision of the video device.

       -s subsysvendor-id
              Specify the PCI subsystem vendor ID of the video device.

       -v vendor-id
              Specify the PCI vendor ID of the video device.

       -S sbus-path
              Specify the SBUS path of the video device.

FILES
       .cfg files located in the search path. The search path typically
       specified by the XFree86 server is:

              /etc/X11
              /usr/X11R6/etc/X11
              <modulepath>
              /usr/X11R6/lib/X11/getconfig

       where <modulepath> is the XFree86 server's module search path.

SEE ALSO
       getconfig(5), XFree86(1), XF86Config(5).

AUTHORS
       The XFree86 automatic configuration support and the getconfig
       interface were written by David H. Dawes, with the support of X-Oz
       Technologies.

XFree86 Version 4.7.0                                                getconfig(1)
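
A hardening check that follows from the DESCRIPTION and FILES sections above, added here as an example (it is not part of the man page or of XFree86): because the rules in .cfg files are perl expressions that getconfig evaluates, neither those files nor the search-path directories should be group- or world-writable. The function names and the report format are assumptions of this example; the input is a comma-separated directory list in the same form the -I option takes.

```shell
#!/bin/sh
# Added example: audit a getconfig search path for loosely-permissioned
# meta-config files. Names and output format are this example's own.

# Succeeds if the path (symlinks followed) is group- or world-writable.
is_loose() {
    [ -n "$(find -L "$1" -prune \( -perm -020 -o -perm -002 \) -print 2>/dev/null)" ]
}

# $1: comma-separated directory list, e.g.
#     /etc/X11,/usr/X11R6/etc/X11,/usr/X11R6/lib/X11/getconfig
# Prints one line per finding; returns 0 only when nothing was found.
audit_getconfig_path() {
    findings=0
    old_ifs=$IFS
    IFS=,
    set -f; set -- $1; set +f      # split on commas without glob expansion
    IFS=$old_ifs
    for dir in "$@"; do
        [ -d "$dir" ] || continue  # directories that do not exist are skipped
        # A writable directory lets another user drop in a new .cfg file.
        if is_loose "$dir"; then
            echo "DIR  $dir"
            findings=$((findings + 1))
        fi
        # Only files with the .cfg suffix are read as rule files.
        for f in "$dir"/*.cfg; do
            [ -f "$f" ] || continue  # unmatched glob or not a regular file
            if is_loose "$f"; then
                echo "FILE $f"
                findings=$((findings + 1))
            fi
        done
    done
    [ "$findings" -eq 0 ]
}

# Run the audit when a search path is given on the command line.
if [ "$#" -gt 0 ]; then
    audit_getconfig_path "$1"
fi
```

The check looks only at mode bits; file ownership and the module search path that stands in for <modulepath> have to be reviewed separately.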