|
Vulnerability XFCE Affected XFCE 3.5.1 Description Nicholas Brawn found following. XFCE 3.5.1 ships with the following entry in /etc/X11/xfce/xinitrc: xhost +$HOSTNAME If a person is using this on a multiuser system, all local users may connect to their X session and capture keystrokes, etc. Solution Upgrade to XFCE 3.5.2. The offending line has been commented out. For FreeBSD: ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/x11-wm/xfce-3.12.tgz ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/x11-wm/xfce-3.12.tgz ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/x11-wm/xfce-3.12.tgz ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/x11-wm/xfce-3.12.tgz ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/x11-wm/xfce-3.12.tgz