Summary: | x11-libs/libX11 1.0.2 and 1.0.3 file descriptor leak (CVE-2006-5397) | ||||||||
---|---|---|---|---|---|---|---|---|---|
Product: | Gentoo Security | Reporter: | Matt Drew (RETIRED) <aetius> | ||||||
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> | ||||||
Status: | RESOLVED INVALID | ||||||||
Severity: | minor | CC: | x11 | ||||||
Priority: | High | ||||||||
Version: | unspecified | ||||||||
Hardware: | All | ||||||||
OS: | Linux | ||||||||
URL: | https://bugs.freedesktop.org/show_bug.cgi?id=8699 | ||||||||
Whiteboard: | B4 [stable?] Falco | ||||||||
Package list: | Runtime testing required: | --- | |||||||
Attachments: |
|
Description
Matt Drew (RETIRED)
2006-11-01 14:41:11 UTC
I'm working on 1.0.3-r1 which will include the patch from upstream. Created attachment 101141 [details, diff]
CVE-2006-5397.patch
Fix from upstream.
Created attachment 101143 [details]
libX11-1.0.3-r1.ebuild
Ebuild that includes the patch.
I probably won't be able to commit these for 2-4 hours. I'm assuming I'm clear to do so since this issue is already public? Our xterm does not install sgid, so I don't think there is really any effect of this. From the upstream bug: "So far xterm seems to be the only problematic app (setgid), but with its normal gid no security relevant files can be accessed." Yeah, it didn't seem like it was particularly exploitable. I do think it should go into the tree, but maybe we just don't need to rush stabilization. Not only that, but I don't feel there's any need for a GLSA either unless you want to send one out that says "Hi, this isn't really an exploit on Gentoo but since other people are sending advisories, we will too" Hm. On more thinking, it's conceivable that the problem could result in access to files owned by the utmp group via libutempter. I've put 1.0.3-r1 into the tree with the above patch. It would be useful if a security audit person could determine whether this actually affects us in any way, given that our xterm is not sgid and uses the sgid libutempter instead. Falco, any news on this one? (In reply to comment #11) > Falco, any news on this one? > Donnie and all are right: we're probably not affected by this issue. I suggest to close this bug ("invalid") closing as invalid. |