tag 234535 = upstream security help retitle 234535 xserver-xfree86: X server can be crashed by xfstt font server (DoS attack) severity 234535 important thanks
On Wed, Apr 28, 2004 at 03:47:54PM +0200, Helge Hafting wrote: > Michel Dänzer wrote: > >On Wed, 2004-04-28 at 12:04, Helge Hafting wrote: > >>I don't know if xfstt does something wrong, but X shouldn't really crash > >>even if xfstt is wrong. One cannot trust font servers to be nice - they > >>may be external after all. > > > >True, but if it only happens with xfstt, there might be little incentive > >to fix this. > > Sure, if an obsolete xfstt is the only problem server. I still think there is a DoS attack here, and I think it's worth trying to track the problem down. Keith, do you know off the top of your head where me might look for trouble if the X server is connected to a misbehaving font server? -- G. Branden Robinson | If I recall correctly, devfs went Debian GNU/Linux | straight from being marked as [EMAIL PROTECTED] | EXPERIMENTAL to OBSOLETE in the http://people.debian.org/~branden/ | kernel config. -- Tore Anderson
signature.asc
Description: Digital signature