Upgrade to version 1.4 or higher, as it has been reported to fix this vulnerability. It is also possible to temporarily work around the flaw by implementing the following workaround: Access to the vulnerable code in the SECURITY extension can be prevented by preventing the X server from loading the extension. However, doing so may seriously impair the functionality of the server. Adding the following lines to the X configuration file will disable the SECURITY extension:
Option "SECURITY" "disable"