Bugtraq mailing list archives
Re: TOG and xterm problem
From: trevor () JPJ NET (Trevor Johnson)
Date: Sun, 3 May 1998 23:55:24 -0700
seen on www.xfree86.org: [3 May 1998] The Open Group recently released a security advisory concerning vulnerabilities in the xterm program and in the Xaw (Athena Widget) library. These particular problems are associated with buffer overflows in the code that processes the inputMethod and preeditType resources in both xterm and the Xaw library, and the *Keymap resources in xterm. The Xaw problems affect any setuid-root binaries that use the Xaw library (including xterm). The inputMethod and preeditType problems affect all releases of XFree86 from 3.0 to 3.3.2 (inclusive). The *Keymap problem affects all releases of XFree86 up to and including 3.3.2. The Open Group's fixes for these problems are currently available only to its members (XFree86 is not a member). XFree86 is independently releasing its own fixes for these problems. A source patch [1] is available now. Updated binaries for some OSs are also available now, and others will be available soon. The updated binaries can be found in the X3321upd.tgz files in the appropriate subdirectories of the XFree86 3.3.2 binaries directory [2]. Information about installing the updated binaries can be found in an updated version of the XFree86 3.3.2 Release Notes [3]. Note that it is important to follow the instructions in those notes carefully, and that both the updated xterm program and Xaw library must be installed to fix the problem with xterm. Also, the X332bin.tgz and X332lib.tgz files in the XFree86 3.3.2 binaries subdirectories still contain the original buggy versions. When doing an new XFree86 3.3.2 installation it is important to extract the X3321upd.tgz after extracting the others. [1] ftp://ftp.xfree86.org/pub/XFree86/3.3.2/fixes/3.3.2-patch1 [2] ftp://ftp.xfree86.org/pub/XFree86/3.3.2/binaries [3] http://www.xfree86.org/3.3.2/RELNOTES.html ___ Trevor Johnson
Current thread:
- TOG and xterm problem Jeff Gehlbach (Apr 30)
- Re: TOG and xterm problem Theo de Raadt (May 01)
- Re: TOG and xterm problem Trevor Johnson (May 03)
- Warning! Webmin Security Advisory Jiva DeVoe (May 01)
- Solaris kernel sockets interface (bug?) Natali Gracheva (May 01)
- Re: TOG and xterm problem Pavel Kankovsky (May 04)
- Re: TOG and xterm problem Valdis.Kletnieks () VT EDU (May 04)
- Netmanage Holes arager () MCGRAW-HILL COM (May 04)
- Re: TOG and xterm problem System Administrator (May 04)
- Re: TOG and xterm problem David Dawes (May 06)
- Netmanage Holes -- addendum arager () MCGRAW-HILL COM (May 04)
- Re: Netmanage Holes -- addendum Tom Czarnik (May 04)
- <Possible follow-ups>
- Re: TOG and xterm problem Pavel Kankovsky (May 04)
- Re: TOG and xterm problem Theo de Raadt (May 01)