Bug 213280 (CVE-2006-5397) - CVE-2006-5397 libX11 file descriptor leak
Summary: CVE-2006-5397 libX11 file descriptor leak
Alias: CVE-2006-5397
Product: Fedora
Classification: Fedora
Component: libX11
Version: 6
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Adam Jackson
QA Contact:
URL: https://bugs.freedesktop.org/show_bug...
Whiteboard: impact=low,source=vendorsec,public=20...
Depends On:
TreeView+ depends on / blocked
Reported: 2006-10-31 16:12 UTC by Josh Bressers
Modified: 2007-11-30 22:11 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2007-01-30 00:49:28 UTC
Type: ---

Attachments (Terms of Use)

System ID Private Priority Status Summary Last Updated
FreeDesktop.org 8699 0 None None None Never

Description Josh Bressers 2006-10-31 16:12:15 UTC
Kees Cook found a bug in the libX11 Xinput module in the way it handles certain
file descriptors.  This could allow a local user to gain access to files owned
by the utmp user which they normally should not have access to.j

Comment 2 Göran Uddeborg 2007-01-22 16:31:53 UTC
According to bug 216413 this has been fixed in RHEL 5 beta.  Is there a chance
it will be available for FC too?

I have some users here who get bitten by this.  On some web sites, Flash sites
probably, it appears that one descriptor is leaked per mouse click or something
like that.  After one thousand clicks Firefox doesn't respond any more, or
crashes outright.  The users have been less than happy, since they were "almost

I hoped for an upgrade from the distribution, so I didn't have to rebuild
myself.  Can I expect one, or should I do my own rebuild?

Comment 3 Adam Jackson 2007-01-30 00:49:28 UTC
libX11-1.0.3-6.fc6 and -1.0.3-7.fc7 have the fix.  The former is on its way to
updates now.

Note You need to log in before you can comment on or make changes to this bug.