Bug 7349 - libX11 1.0.2 missing setuid security fix
Summary: libX11 1.0.2 missing setuid security fix
Status: RESOLVED FIXED
Alias: None
Product: xorg
Classification: Unclassified
Component: Lib/Xlib (show other bugs)
Version: unspecified
Hardware: x86 (IA32) Linux (All)
: high normal
Assignee: Xorg Project Team
QA Contact:
URL:
Whiteboard:
Keywords: patch
Depends on:
Blocks:
 
Reported: 2006-06-28 01:14 UTC by Mike A. Harris
Modified: 2006-07-11 09:16 UTC (History)
2 users (show)

See Also:
i915 platform:
i915 features:

Attachments
This is the attachment description. (420 bytes, patch)
2006-06-28 01:18 UTC, Mike A. Harris 		no flags Details | Splinter Review
View All

Description Mike A. Harris 2006-06-28 01:14:09 UTC 
A new release of libX11 version 1.0.2 was just released recently, which
does not contain the security fixes for the recently reported setuid
problems.

It appears that many of the packages affected by the setuid bugs have not
had new releases containing these security fixes as well.

A new version of libX11 with the setuid fix should be released.
Comment 1 Mike A. Harris 2006-06-28 01:18:00 UTC 
Created attachment 6068 [details] [review]
This is the attachment description.

Patch to fix this issue.
Comment 2 Donnie Berkholz 2006-06-28 01:20:45 UTC 
Only 1 of the 2 instances of seteuid() was fixed in the master branch, so the
cherry-pick to stable branch also missed the second instance.
Comment 3 Donnie Berkholz 2006-07-07 16:24:03 UTC 
Fixed in head and stable branches, commits
e9614c963b532f46a7932c2305a4b177a996a222 and
cde3c0dd72af2b490e80cffca962e3487dd31be4
Comment 4 Mike A. Harris 2006-07-11 09:16:42 UTC 
Confirmed in 1.0.3

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.