There are several security issues in XFree86: 1) two integer overflow flaws in the XFree86 server's EVI and MIT-SHM modules; 2) a heap based buffer overflow flaw was found in the way the XFree86 server handled malformed font files; 3) a memory corruption flaw was found in the XFree86 server's XInput extension; 4) an information disclosure flaw was found in the XFree86 server's TOG-CUP extension; 5) an integer and heap overflow flaw were found in the X.org font server, xfs; and 6) a flaw was found in the XFree86 server's XC-SECURITY extention. The risk is MEDIUM. A maliciuos authorized client could exploit this issue to cause a denial of service (crash) or potentially execute arbitrary code with root privileges on the XFree86 server.
More...
