Two issues in XFree86/xorg Xsession were reported and fixed upstream. Both relate to the handling of the xsession file. CVE-2006-5214: A local attacker could open for reading a users ~/.xsession-errors file if they are able to win a race during it's creation and have sufficient privileges (+x) to the victims home directory already. CVE-2006-5215: A local attacker could perform a temporary file attack on the xsession error file created in /tmp and cause it to overwrite particular files of the victim. However this file is only created if the ability to create ~/.xsession-errors in the victims home directory fails, (something the attacker has no control over). The upstream Xsession code was different (and worse) than our xinitrc code, but we should use mkstemp. We've rated these issues as low severity and they can be deferred until a future update for some other reason. Affects: RHEL4, RHEL3, RHEL2.1
covered by bz#230007; should we fix this in rhel we'll create appropriate tracking bugs with flags at that time.