Notified: September 12, 2002 Updated: September 16, 2002
Not Affected
Regarding VU#169059 - X11 vulnerable to buffer overflow, we do not ship the X11 libraries in Mac OS X or Mac OS X Server. This means that Mac OS X and Mac OS X Server are not vulnerable to this problem unless a user adds the X11 libraries on their own.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: September 12, 2002 Updated: March 24, 2003
Not Affected
Source: Hewlett-Packard Company Software Security Response Team cross reference id: SSRT2275 HP-UX - not vulnerable HP-MPE/ix - not vulnerable HP Tru64 UNIX - not vulnerable HP OpenVMS - not vulnerable HP NonStop Servers - not vulnerable To report potential security vulnerabilities in HP software, send an E-mail message to: mailto:security-alert@hp.com
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: September 12, 2002 Updated: September 16, 2002
Not Affected
None of our products are vulnerable to this issue.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: September 12, 2002 Updated: September 16, 2002
Not Affected
We don't re-distribute X11.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: January 28, 2002 Updated: September 13, 2002
Affected
Any command linked to this library that accepts the -xrm option [including xterm] will core dump if a long string is used as the argument. Any setuid setgid program that accepts the -xrm option is vulnerable to attack. We now have fixes for this issue for both Open UNIX and UnixWare on our security website: http://stage.caldera.com/support/security/ as advisory CSSA-2002-SCO.15.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.