XFree86 Security Issues
XFree86 security contact
To report a security related problem in XFree86, contact security at XFree86.org.
If you prefer to send encrypted mail, use the security public key.
Recent XFree86 security fixes
This is a summary of security related fixes in successive XFree86
184.108.40.206 experimental snapshot
- Additional libXpm issues
- All fixes listed hereafter since 4.4.0.
220.127.116.11 experimental snapshot
18.104.22.168 experimental snapshot
- Integer overflow in libICE/libSM.
22.214.171.124 experimental snapshot
126.96.36.199 experimental snapshot
- xdm listen on random socket when DisplayManager.requestPort is 0
This release includes all fixes listed hereafter since 4.3.0.
188.8.131.523 Release Candidate
184.108.40.206 experimental snapshot
- Check for failure of the pam_setcred() function in xdm
- Better pseudo-random number generation for XDM session
220.127.116.11 experimental snapshot
- Fixes for potential integer overflows in font
No major security updates are included in this release. The
following enhancements can be noted however:
- Add a X server configuration option (DontVTSwitch) to
disable the VT switching hot keys.
- Add a resource setting to xterm (AllowWindowsOps) to
disable the extended window operations (e.g., resize, iconify,
report window attributes). This addresses CAN-2003-0063.
- Fix two possible DoS (character sequences causing infinite
loops in special cases of mouse hilite tracking and DECUDK parsing
CAN-2003-0071) in xterm.
- The MIT-SHM update in 4.2.1 is incomplete as the case where the
X server is started from xdm was not handled. A more complete fix
from the XFree86 trunk was committed to the xf-4_2-branch
source patch against 4.2.1 is available on the XFree86 FTP
- Fix a zlib bug that may have security implications on some
- MIT-SHM update should not access SHM segments which the
client does not have sufficient access privileges.
- Fix an Xlib problem which made it possible to load and
execute arbitrary code in privileged clients.
- Close a hole where anyone can connect to the X server if the
xdm auth dir does not exist.
- Do not let a non-root user halt the machine by having X
send SIGUSR1 to the init(8) process.
- Fix a buffer overflow in glyph clipping for large origin.
- Fix authentication issues with mmap() on drm devices.
- Check for negative reply length/overflow in _XAsyncReply.
- Plug kernel security hole in Linux int10
- Fix temp files vulnerabilities in xman, Xaw and man page
- Fix an XSecurity extension bug that could cause an X server
- Fix a possible overflow in xkb options parsing.
- Fixed recently publicized security issues in some of the X
libraries, including: a possible libICE DoS, a possible xdmcp DoS,
and some potentially exploitable integer overflows.
- Improved xterm log file security (still not compiled in by
- Fix for xterm DoS with arbitrarily large resize requests.
- Log failed xdm logins through syslog (only enabled on OpenBSD
- Add a new resource "allowRootLogin" to xdm (True by
- Support in xdm for PAM on Linux and for KerberosIV on
- Add request bounds checking for xfs.
- Fix possible races in xauth and libXau.
- Fix for some insecure uses of mktemp(3) in the imake
- Update the default xdm config file to disable listening for
- Fixes to config utils and x11pcomp.
- Fix a potential SEGV in xauth.
- Fix a problem in xtrans with sub-directories creation under
XFree86® is a registered trademark of The XFree86
Copyright © 1994-2006 XFree86 Project, Inc.
All rights reserved. This page is XHTML 1.0 transitional.
Last Modified: 11 April 2006