Debian Security Advisory
xfree -- insecure file handling
- Date Reported:
- undated
- Affected Packages:
- xserver-*
- Vulnerable:
- Yes
- Security database references:
- No other external database security references currently available.
- More information:
-
XF86_* servers don't check permissions on the alternate config file.
This enables reading of the first line of any file by ordinary users.
Fixed in XF86_* 3.3.1-6 and later.
- Fixed in:
- Intel - (in release 1.3) XF86* 3.3.1-6