drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Ausführen beliebigen Codes in xfree86
Name: |
Ausführen beliebigen Codes in xfree86
|
|
ID: |
200210-006 |
|
Distribution: |
Gentoo |
|
Plattformen: |
Keine Angabe |
|
Datum: |
Fr, 25. Oktober 2002, 13:00 |
|
Referenzen: |
Keine Angabe |
|
Applikationen: |
XFree86 |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
-------------------------------------------------------------------- GENTOO LINUX SECURITY ANNOUNCEMENT 200210-006 --------------------------------------------------------------------
PACKAGE : xfree SUMMARY : Shared memory may be compromised by local XFree86 users DATE : 2002-10-24 10:00 UTC EXPLOIT : local
--------------------------------------------------------------------
Roberto Zunino discovered a vulnerability in the MIT-SHM extension of XFree86 prior to versions 4.2.1. The vulnerability allows a local user who can run XFree86 to gain read/write access to any shared memory segment in the system. Although the use of shared memory segments to store trusted data is not a common practice, by exploiting this vulnerability the attacker potentially can get and/or change sensitive information.
SOLUTION
It is recommended that all Gentoo Linux users who are running x11-base/xfree-4.2.0-r12 and earlier update their systems as follows:
emerge rsync emerge xfree emerge clean
-------------------------------------------------------------------- aliz@gentoo.org - GnuPG key is available at www.gentoo.org/~aliz -------------------------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.0 (GNU/Linux)
iD8DBQE9t8Q0fT7nyhUpoZMRAhNtAJ9LVe8VAj8cSWvNfreoZcBgdMewvACgwy64 cSJNZmLWeKfcol6ah9xIYQ8= =fEUk -----END PGP SIGNATURE----- _______________________________________________ gentoo-announce mailing list gentoo-announce@gentoo.org http://lists.gentoo.org/mailman/listinfo/gentoo-announce _______________________________________________ gentoo-security mailing list gentoo-security@gentoo.org http://lists.gentoo.org/mailman/listinfo/gentoo-security
|
|
|
|