klieber
Bodhisattva
Joined: 17 Apr 2002
Posts: 3657
Location: San Francisco, CA
|
 Posted: Thu Oct 24, 2002 1:29 pm Post subject: [gentoo-announce] GLSA: xfree |
 |
|
| Daniel Ahlberg wrote: | ----------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200210-006
----------------------------------------------------------------------
PACKAGE : xfree
SUMMARY\240: Shared memory may be compromised by local XFree86 users
DATE \240\240 : 2002-10-24 10:00 UTC
EXPLOIT : local
- - --------------------------------------------------------------------
Roberto Zunino discovered a vulnerability in the MIT-SHM extension of XFree86 prior to versions 4.2.1. The vulnerability allows a local user who can run XFree86 to gain read/write access to any shared memory segment in the system. Although the use of shared memory segments to store trusted data is not a common practice, by exploiting this vulnerability the attacker potentially can get and/or change sensitive information.
SOLUTION
It is recommended that all Gentoo Linux users who are running x11-base/xfree-4.2.0-r12 and earlier update their systems as follows:
emerge rsync
emerge xfree
emerge clean
- - --------------------------------------------------------------------
aliz@gentoo.org - GnuPG key is available at www.gentoo.org/~aliz
- - -------------------------------------------------------------------- |
Mailing List Archive:http://lists.gentoo.org/pipermail/gentoo-announce/2002-October/000224.html
--kurt
_________________
The problem with political jokes is that they get elected |
|
News & Announcements
