Bug 213280 (CVE-2006-5397)

Summary: CVE-2006-5397 libX11 file descriptor leak
Product: [Fedora] Fedora Reporter: Josh Bressers <bressers>
Component: libX11Assignee: Adam Jackson <ajax>
Status: CLOSED RAWHIDE QA Contact:
Severity: low Docs Contact:
Priority: medium    
Version: 6CC: goeran
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
URL: https://bugs.freedesktop.org/show_bug.cgi?id=8699
Whiteboard: impact=low,source=vendorsec,public=20061018,reported=20061016
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2007-01-30 00:49:28 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Josh Bressers 2006-10-31 16:12:15 UTC 
Kees Cook found a bug in the libX11 Xinput module in the way it handles certain
file descriptors.  This could allow a local user to gain access to files owned
by the utmp user which they normally should not have access to.j
Comment 1 Mark J. Cox 2006-11-20 10:28:03 UTC 
https://bugs.freedesktop.org/show_bug.cgi?id=8699
fix:
https://bugs.freedesktop.org/attachment.cgi?id=7459
Comment 2 Göran Uddeborg 2007-01-22 16:31:53 UTC 
According to bug 216413 this has been fixed in RHEL 5 beta.  Is there a chance
it will be available for FC too?

I have some users here who get bitten by this.  On some web sites, Flash sites
probably, it appears that one descriptor is leaked per mouse click or something
like that.  After one thousand clicks Firefox doesn't respond any more, or
crashes outright.  The users have been less than happy, since they were "almost
done".

I hoped for an upgrade from the distribution, so I didn't have to rebuild
myself.  Can I expect one, or should I do my own rebuild?
Comment 3 Adam Jackson 2007-01-30 00:49:28 UTC 
libX11-1.0.3-6.fc6 and -1.0.3-7.fc7 have the fix.  The former is on its way to
updates now.