[23437] in bugtraq
Re: Crashing X
daemon@ATHENA.MIT.EDU (Seth Arnold)
Sat Dec 8 04:34:06 2001
Date: Fri, 7 Dec 2001 16:55:33 -0800
From: Seth Arnold <sarnold@wirex.com>
To: bugtraq@securityfocus.com
Message-ID: <20011207165533.M7800@wirex.com>
Mail-Followup-To: bugtraq@securityfocus.com
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
protocol="application/pgp-signature"; boundary="YKGyq5YQxDjF8U6+"
Content-Disposition: inline
In-Reply-To: <01120720451400.04541@mainframe>; from smackenz@sdf.lonestar.org on Fri, Dec 07, 2001 at 09:26:53PM +0000
--YKGyq5YQxDjF8U6+
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Fri, Dec 07, 2001 at 09:26:53PM +0000, scott wrote:
> I have discovered a little bug in K Desktop 2.1.2 that crashes your X Ser=
ver.
[...]
> Also I tried this in netscape and it didn't work so it suggests its a=20
> konqueror error somewhere or other.
Absolutely not. No X client should ever be able to cause the X server to
crash. (Same deal with compilers and input files .. no input file, no
matter how maliciously written, should ever cause a compiler to
segfault.) This is a bug in XFree86, and, luckily, a known bug. Sadly, I
don't recognize the fix on XFree86's security page.[1]
The vuln-dev Message-ID is <3B822F5F.99227A5F@snosoft.com>. I saw a fix
for it on September 16th, so I'm rather hoping XFree86 releases newer
than that have the fix integrated.
Cheers!
[1]: http://www.xfree86.org/security/
--=20
"In God we trust, all others we monitor."
-- NSA, Intercept Operators's motto, 1970
--YKGyq5YQxDjF8U6+
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE8EWUF1XMg6PgdEDQRAq/dAJ9p9re0mxhBLcRbvH2gbBiIoSrfzACgy023
Ff4eKBND9cT7Lf6bajkQMhs=
=AUtw
-----END PGP SIGNATURE-----
--YKGyq5YQxDjF8U6+--
