Bug 7349

Summary: libX11 1.0.2 missing setuid security fix
Product: xorg
Reporter: Mike A. Harris <mharris>
Component: Lib/Xlib
Assignee: Xorg Project Team <xorg-team>
Status: RESOLVED FIXED
Severity: normal
Priority: high
CC: dberkholz, matthieu.herrb
Version: unspecified
Keywords: patch
Hardware: x86 (IA32)
OS: Linux (All)

Description Mike A. Harris 2006-06-28 01:14:09 UTC
A new release of libX11 version 1.0.2 was just released recently, which
does not contain the security fixes for the recently reported setuid
problems.

It appears that many of the packages affected by the setuid bugs have not
had new releases containing these security fixes as well.

A new version of libX11 with the setuid fix should be released.
Comment 1 Mike A. Harris 2006-06-28 01:18:00 UTC
Created attachment 6068
This is the attachment description.

Patch to fix this issue.
Comment 2 Donnie Berkholz 2006-06-28 01:20:45 UTC
Only 1 of the 2 instances of seteuid() was fixed in the master branch, so the
cherry-pick to stable branch also missed the second instance.
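
Comment 2 describes a fix that reached one seteuid() call site and left a second one untouched. As an added example (not code from libX11 or from anyone in this report), the script below lists every credential-changing call whose return value is discarded, assuming the setuid fix in question is a check on those return values; the C fragment and its names are constructed.

```python
import re
import sys

# Calls that change process credentials; a failure that goes unnoticed
# leaves the process running with privileges it meant to give up.
CALLS = ("setuid", "seteuid", "setgid", "setegid", "setreuid", "setregid")

# The call as a bare statement (optionally cast to void): nothing reads
# the return value. Line-based heuristic; it does not see statements
# split across lines or calls hidden behind macros.
UNCHECKED = re.compile(
    r"^\s*(?:\(\s*void\s*\)\s*)?(" + "|".join(CALLS) + r")\s*\(.*\)\s*;\s*$"
)

def strip_comments(src):
    """Blank out C comments while keeping line numbers stable."""
    blank = lambda m: re.sub(r"[^\n]", " ", m.group(0))
    return re.sub(r"/\*.*?\*/|//[^\n]*", blank, src, flags=re.S)

def unchecked_calls(src):
    """Return [(line_number, call_name)] for every ignored return value."""
    hits = []
    for lineno, line in enumerate(strip_comments(src).splitlines(), 1):
        m = UNCHECKED.match(line)
        if m:
            hits.append((lineno, m.group(1)))
    return hits

# Constructed sample (not libX11 source): one instance checked, one missed.
SAMPLE = """\
static int open_as_user(const char *path)
{
    int fd;
    if (seteuid(getuid()) != 0)     /* checked instance */
        return -1;
    fd = open(path, O_RDONLY);
    seteuid(saved_euid);            /* second instance, still unchecked */
    return fd;
}
"""

if __name__ == "__main__":
    if len(sys.argv) > 1:
        for path in sys.argv[1:]:
            with open(path, errors="replace") as fh:
                for lineno, call in unchecked_calls(fh.read()):
                    print(f"{path}:{lineno}: return value of {call}() ignored")
    else:
        print(unchecked_calls(SAMPLE))
```

Run over a source tree before and after a cherry-pick, an empty report on both branches shows that no call site was left behind.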
Comment 3 Donnie Berkholz 2006-07-07 16:24:03 UTC
Fixed in head and stable branches, commits
e9614c963b532f46a7932c2305a4b177a996a222 and
cde3c0dd72af2b490e80cffca962e3487dd31be4
Comment 4 Mike A. Harris 2006-07-11 09:16:42 UTC
Confirmed in 1.0.3
