The XFree86 project has released
XFree86 4.2.1, which fixes a few security problems. The most urgent
problem is a vulnerability in the internationalization code which can allow
an attacker to cause a privileged X client to load and execute arbitrary
code. This vulnerability only exists in XFree86 4.2.0; earlier releases
are not vulnerable.
No distributor updates have been received as of this writing, though
Slackware has updated its XFree86 packages.
to post comments)