[stsf] STSF Security Bulletin 02/28/2005
Alan Coopersmith
Alan.Coopersmith at Sun.COM
Mon Feb 28 19:39:33 PST 2005

A security vulnerability in the Standard Type Services Framework font server
process, stfontserverd, has been found and fixed. This bug may allow a local
unprivileged user the ability to overwrite or remove files on the system
which they normally would not have permission to change. This issue is
identified in Sun's bug database as bug id 5104693.

If you are running Solaris 9 4/04 or later, with the bundled STSF software,
you can close this hole by applying one of these Sun patches which have now
been released:

    Solaris 9 SPARC: 117201-09
    Solaris 9 x86: 117202-09

For more information on the Solaris 9 patches, see the official Sun Security
Alert at:

    http://sunsolve.sun.com/search/document.do?assetkey=1-26-57738-1

If you are running a Solaris 10 Beta release, or Solaris Express 11/04 or
earlier, with the bundled STSF software, you can close this hole by upgrading
to either the official release of Solaris 10 or Solaris Express 2/05 or newer.

If you are using STSF software not built/provided by Sun, you can close this
hole by upgrading to a version built with the fix checked into the STSF CVS
tree on freedesktop.org today (Feb. 28, 2005). Instructions on checking out
the code from CVS on freedesktop.org can be found at:

    http://freedesktop.org/wiki/Software/STSF

--
-Alan Coopersmith- alan.coopersmith at sun.com
Sun Microsystems, Inc. - X Window System Engineering