Description of problem: libasound.so will disable the stack execution protection for all the apps using it, which is quite a big chunk of our desktop apps. The cause is a bit of evil code in src/mixer/mixer.c I will attach a patch to fix this. Note that this is a rather serious security issue due to the effect of disabling stack protection (both execshield segment and NX) for a wide range of applications at once.
Created attachment 109498 [details] patch to fix this issue
I'm assigning this issue CAN-2005-0087 as it borderline qualifies for a CVE name under the definition of "exposure". Since this has the potential to disable stack execution protection for a large number of applications, it's violating a reasonable security stance for the RHEL4 product.
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHSA-2005-033.html