Bug 213280 - (CVE-2006-5397) CVE-2006-5397 libX11 file descriptor leak
CVE-2006-5397 libX11 file descriptor leak
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: libX11 (Show other bugs)
6
All Linux
medium Severity low
: ---
: ---
Assigned To: Adam Jackson
https://bugs.freedesktop.org/show_bug...
impact=low,source=vendorsec,public=20...
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2006-10-31 11:12 EST by Josh Bressers
Modified: 2007-11-30 17:11 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-01-29 19:49:28 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
FreeDesktop.org 8699 None None None Never

  None (edit)
Description Josh Bressers 2006-10-31 11:12:15 EST
Kees Cook found a bug in the libX11 Xinput module in the way it handles certain
file descriptors.  This could allow a local user to gain access to files owned
by the utmp user which they normally should not have access to.j
Comment 2 Göran Uddeborg 2007-01-22 11:31:53 EST
According to bug 216413 this has been fixed in RHEL 5 beta.  Is there a chance
it will be available for FC too?

I have some users here who get bitten by this.  On some web sites, Flash sites
probably, it appears that one descriptor is leaked per mouse click or something
like that.  After one thousand clicks Firefox doesn't respond any more, or
crashes outright.  The users have been less than happy, since they were "almost
done".

I hoped for an upgrade from the distribution, so I didn't have to rebuild
myself.  Can I expect one, or should I do my own rebuild?
Comment 3 Adam Jackson 2007-01-29 19:49:28 EST
libX11-1.0.3-6.fc6 and -1.0.3-7.fc7 have the fix.  The former is on its way to
updates now.

Note You need to log in before you can comment on or make changes to this bug.