IBM Information for VU#312313
Solaris X Window Font Service (XFS) daemon contains buffer overflow in Dispatch() function
The AIX operating system is vulnerable to the xfs issues discussed in CA-2002-34 in releases 4.3.3, 5.1.0 and 5.2.0.
|IBM provides the following official fixes:|
APAR number for AIX 4.3.3: IY37888 (available approx. 01/29/03)
APAR number for AIX 5.1.0: IY37886 (available approx. 04/28/03)
APAR number for AIX 5.2.0: IY37889 (available approx. 04/28/03)
A temporary patch is available through an efix package which can be found at ftp://ftp.software.ibm.com/aix/efixes/security/xfs_efix.tar.Z.
The vendor has not provided us with any further information regarding this vulnerability.
Please note that IBM sent this statement on Dec 5, 2002.
If you have feedback, comments, or additional information about this vulnerability, please send us email.