XFree86 4.2.1 is now available. This is an update release, intended primarily to address some security issues. Release notes can be found at <http://www.xfree86.org/4.2.1/RELNOTES.html>, and other information can be found at <http://www.xfree86.org/4.2.1/README.html> and <http://www.xfree86.org/4.2.1/Install.html>. A summary of security updates can be found at <http://www.xfree86.org/security/>. XFree86 4.2.1 is available at <ftp://ftp.xfree86.org/pub/XFree86/4.2.1/>.
The main security problem that prompted this release is a vulnerability in the Xlib modular i18n support that was added in XFree86 4.2.0. It makes it possible to cause a privileged Xlib client to load and execute arbitrary code. In the worst case this can be exploited locally to obtain a root shell. Releases of XFree86 prior to 4.2.0 do not have this problem. The XFree86 CVS trunk and xf-4_2-branch have this fixed as of today. A patch for 4.2.0 correcting just this problem can be found at <ftp://ftp.xfree86.org/pub/XFree86/4.2.0/fixes/4.2.0-xlib-security.patch>. David -- David Dawes Release Engineer/Architect The XFree86 Project www.XFree86.org/~dawes _______________________________________________ Xpert mailing list [EMAIL PROTECTED] http://XFree86.Org/mailman/listinfo/xpert
