S-124: XFree86 Security Update


Posted 01-22-2008

There are several security issues in XFree86: 1) two integer overflow flaws in the XFree86 server's EVI and MIT-SHM modules; 2) a heap-based buffer overflow flaw was found in the way the XFree86 server handled malformed font files; 3) a memory corruption flaw was found in the XFree86 server's XInput extension; 4) an information disclosure flaw was found in the XFree86 server's TOG-CUP extension; 5) an integer overflow flaw and a heap overflow flaw were found in the X.org font server, xfs; and 6) a flaw was found in the XFree86 server's XC-SECURITY extension. The risk is MEDIUM. A malicious authorized client could exploit this issue to cause a denial of service (crash) or potentially execute arbitrary code with root privileges on the XFree86 server.


XDPYINFO(1)                 General Commands Manual                XDPYINFO(1)

NAME
       xdpyinfo - display information utility for X

SYNOPSIS
       xdpyinfo [-display displayname] [-queryExtensions] [-ext extension-name]

DESCRIPTION
       Xdpyinfo is a utility for displaying information about an X server. It is used to examine the capabilities of a server, the predefined values for various parameters used in communicating between clients and the server, and the different types of screens and visuals that are available.

       By default, numeric information (opcode, base event, base error) about protocol extensions is not displayed. This information can be obtained with the -queryExtensions option. Use of this option on servers that dynamically load extensions will likely cause all possible extensions to be loaded, which can be slow and can consume significant server resources.

       Detailed information about a particular extension is displayed with the -ext extensionName option. If extensionName is all, information about all extensions supported by both xdpyinfo and the server is displayed.

ENVIRONMENT
       DISPLAY   To get the default host, display number, and screen.

SEE ALSO
       X(7), xprop(1), xrdb(1), xwininfo(1), xdriinfo(1), xvinfo(1), glxinfo(1)

AUTHOR
       Jim Fulton, MIT X Consortium
       Support for the XFree86-VidModeExtension, XFree86-DGA, XFree86-Misc, and XKB extensions added by Joe Moss

X Version 11                    xdpyinfo 1.0.3                     XDPYINFO(1)
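
The advisory names five server extensions (EVI, MIT-SHM, XInput, TOG-CUP, XC-SECURITY), and xdpyinfo lists the extensions a server offers. The script below is an added example, not part of the advisory or the man page: it filters xdpyinfo output for those extensions so an administrator can see which of them a given display exposes while it is still unpatched. The mapping from the advisory's short names to the protocol names a server reports, the function name and the sample output are this example's assumptions. It does not cover the font-file or xfs issues, which are not extensions.

```shell
#!/bin/sh
# Protocol names reported by the X server for the extensions the advisory
# calls EVI, MIT-SHM, XInput, TOG-CUP and XC-SECURITY (assumed mapping).
ADVISORY_EXTS='Extended-Visual-Information MIT-SHM XInputExtension TOG-CUP SECURITY'

# Hypothetical helper: read xdpyinfo output on stdin and print every
# advisory-listed extension that appears in the server's extension list.
advisory_extensions() {
    awk -v want="$ADVISORY_EXTS" '
        BEGIN { n = split(want, w, " "); for (i = 1; i <= n; i++) hit[w[i]] = 1 }
        # The extension list starts after this field ...
        /^number of extensions:/ { inlist = 1; next }
        # ... and ends at the next non-indented, non-empty line.
        inlist && NF && !/^ /    { inlist = 0 }
        # $1 is the name; with -queryExtensions the opcode details follow it.
        inlist && ($1 in hit)    { print $1 }
    '
}

# Constructed sample of xdpyinfo output (not captured from a real server).
SAMPLE_XDPYINFO='name of display:    :0
version number:    11.0
number of extensions:    6
    BIG-REQUESTS
    Extended-Visual-Information
    MIT-SHM
    SECURITY
    XInputExtension
    XKEYBOARD
default screen number:    0
number of screens:    1'

# Live use would be: xdpyinfo -display "$DISPLAY" | advisory_extensions
printf '%s\n' "$SAMPLE_XDPYINFO" | advisory_extensions
```

An empty result only means the named extensions are not offered on that display; the installed package version still decides whether the server itself is fixed.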