CVE-2006-5397: libX11 XCOMPOSEFILE File Descriptor Leak

Related Vulnerabilities: CVE-2006-5397  

Debian Bug report logs - #398460


Reported by: Stefan Fritsch <sf@sfritsch.de>

Date: Mon, 13 Nov 2006 21:50:26 UTC

Severity: important

Tags: fixed-in-experimental, fixed-upstream, security, upstream

Merged with 401956

Found in version libx11/2:1.0.3-2

Fixed in version libx11/2:1.0.3-3

Done: David Nusinow <dnusinow@debian.org>

Bug is archived. No further changes may be made.

Forwarded to https://bugs.freedesktop.org/show_bug.cgi?id=8699



Report forwarded to debian-bugs-dist@lists.debian.org, Debian Security Team <team@security.debian.org>, Debian X Strike Force <debian-x@lists.debian.org>:
Bug#398460; Package libx11-6.


Acknowledgement sent to Stefan Fritsch <sf@sfritsch.de>:
New Bug report received and forwarded. Copy sent to Debian Security Team <team@security.debian.org>, Debian X Strike Force <debian-x@lists.debian.org>.


Message #5 received at submit@bugs.debian.org:

From: Stefan Fritsch <sf@sfritsch.de>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CVE-2006-5397: libX11 XCOMPOSEFILE File Descriptor Leak
Date: Mon, 13 Nov 2006 22:47:45 +0100
Package: libx11-6
Version: 2:1.0.3-2
Severity: important
Tags: security


A vulnerability has been found in libx11:
The Xinput module (modules/im/ximcp/imLcIm.c) in X.Org libX11 1.0.2
and 1.0.3 opens a file for reading twice using the same file
descriptor, which causes a file descriptor leak that allows local
users to read files specified by the XCOMPOSEFILE environment variable
via the duplicate file descriptor.

See
https://bugs.freedesktop.org/show_bug.cgi?id=8699

Please mention the CVE id in the changelog.
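The double fopen() named in the report and in the 2:1.0.3-3 changelog, reduced to a minimal C pattern with a descriptor-count check that shows the leak and its absence after the fix. This is an added example, not code from libX11 or from the bug report; the function names, the temporary file path and the 0..255 probe range are assumptions made for the demonstration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Count descriptors open in this process by probing fds 0..255. */
static int open_fd_count(void) {
    int n = 0;
    for (int fd = 0; fd < 256; fd++)
        if (fcntl(fd, F_GETFD) != -1) n++;
    return n;
}
/* Double-fopen pattern (hypothetical reconstruction): the second fopen()
 * overwrites fp, so the first stream can never be closed. */
static int load_compose_leaky(const char *path) {
    FILE *fp = fopen(path, "r");
    if (!fp) return -1;
    fp = fopen(path, "r");          /* first descriptor is orphaned here */
    if (!fp) return -1;
    fclose(fp);                     /* closes only the second stream */
    return 0;
}
/* Corrected form: one fopen(), one fclose(). */
static int load_compose_fixed(const char *path) {
    FILE *fp = fopen(path, "r");
    if (!fp) return -1;
    fclose(fp);
    return 0;
}
/* Number of descriptors a loader leaves open, or -1 on setup/open failure. */
static int leaked_by(int (*loader)(const char *)) {
    char path[] = "/tmp/compose-demo-XXXXXX";   /* constructed sample file */
    int tmp = mkstemp(path);
    if (tmp < 0) return -1;
    close(tmp);
    int before = open_fd_count();
    int rc = loader(path);
    int after = open_fd_count();
    unlink(path);
    return rc < 0 ? -1 : after - before;
}
int leaky_leak_count(void) { return leaked_by(load_compose_leaky); }
int fixed_leak_count(void) { return leaked_by(load_compose_fixed); }

int main(void) {
    printf("leaky loader left %d descriptor(s) open\n", leaky_leak_count());
    printf("fixed loader left %d descriptor(s) open\n", fixed_leak_count());
    return 0;
}
```

The same before/after descriptor count works as a regression check around any library call that opens files on the caller's behalf.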



Reply sent to David Nusinow <dnusinow@debian.org>:
You have taken responsibility.


Notification sent to Stefan Fritsch <sf@sfritsch.de>:
Bug acknowledged by developer.


Message #10 received at 398460-close@bugs.debian.org:

From: David Nusinow <dnusinow@debian.org>
To: 398460-close@bugs.debian.org
Subject: Bug#398460: fixed in libx11 2:1.0.3-3
Date: Tue, 14 Nov 2006 17:47:13 -0800
Source: libx11
Source-Version: 2:1.0.3-3

We believe that the bug you reported is fixed in the latest version of
libx11, which is due to be installed in the Debian FTP archive:

libx11-6-dbg_1.0.3-3_i386.deb
  to pool/main/libx/libx11/libx11-6-dbg_1.0.3-3_i386.deb
libx11-6_1.0.3-3_i386.deb
  to pool/main/libx/libx11/libx11-6_1.0.3-3_i386.deb
libx11-data_1.0.3-3_all.deb
  to pool/main/libx/libx11/libx11-data_1.0.3-3_all.deb
libx11-dev_1.0.3-3_i386.deb
  to pool/main/libx/libx11/libx11-dev_1.0.3-3_i386.deb
libx11_1.0.3-3.diff.gz
  to pool/main/libx/libx11/libx11_1.0.3-3.diff.gz
libx11_1.0.3-3.dsc
  to pool/main/libx/libx11/libx11_1.0.3-3.dsc



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 398460@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
David Nusinow <dnusinow@debian.org> (supplier of updated libx11 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


Format: 1.7
Date: Tue, 14 Nov 2006 19:56:01 -0500
Source: libx11
Binary: libx11-6-dbg libx11-data libx11-6 libx11-dev
Architecture: source i386 all
Version: 2:1.0.3-3
Distribution: unstable
Urgency: high
Maintainer: David Nusinow <dnusinow@debian.org>
Changed-By: David Nusinow <dnusinow@debian.org>
Description: 
 libx11-6   - X11 client-side library
 libx11-6-dbg - X11 client-side library (debug package)
 libx11-data - X11 client-side library
 libx11-dev - X11 client-side library (development headers)
Closes: 398460
Changes: 
 libx11 (2:1.0.3-3) unstable; urgency=high
 .
   [ Julien Cristau ]
   * Urgency high for security bugfix (CVE-2006-5397).
   * Add patch 020_CVE-2006-5397 to fix double fopen() of compose file
   (closes: #398460).  Thanks to Stefan Fritsch for the report.
Files: 
 4c4b7ddb7d028e6ba5e44bd7c5b6de7e 979 x11 optional libx11_1.0.3-3.dsc
 a25715bb1345b5168a8b8ec519ec982a 206622 x11 optional libx11_1.0.3-3.diff.gz
 5dabdfbae3cd6deb3701528a7539f093 154346 x11 optional libx11-data_1.0.3-3_all.deb
 fbe06b5e75d2f817c6958c415381303f 567360 x11 optional libx11-6_1.0.3-3_i386.deb
 599bf6758ddbad2fb0040ff05c7ab369 2450656 x11 extra libx11-6-dbg_1.0.3-3_i386.deb
 61b3edf190aefe3bbf6bb5ebbab2110d 1268248 x11 optional libx11-dev_1.0.3-3_i386.deb





Noted your statement that Bug has been forwarded to https://bugs.freedesktop.org/show_bug.cgi?id=8699. Request was from Julien Cristau <julien.cristau@ens-lyon.org> to control@bugs.debian.org.


Forcibly Merged 398460 401956. Request was from Julien Cristau <julien.cristau@ens-lyon.org> to control@bugs.debian.org.


Bug marked as not found in version 2:1.0.3-4. Request was from Julien Cristau <julien.cristau@ens-lyon.org> to control@bugs.debian.org.


Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Tue, 26 Jun 2007 00:05:17 GMT)



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 13:35:37 2019; Machine Name: buxtehude
