Login
Newsletter
Werbung

Sicherheit: Preisgabe von Informationen in libx11
Aktuelle Meldungen Distributionen
Name: Preisgabe von Informationen in libx11
ID: MDKSA-2006:199
Distribution: Mandriva
Plattformen: Mandriva 2007.0
Datum: Di, 7. November 2006, 04:03
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5397
Applikationen: libx11

Originalnachricht

This is a multi-part message in MIME format...

------------=_1162868621-16192-1093


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2006:199
http://www.mandriva.com/security/
_______________________________________________________________________

Package : libx11
Date : November 6, 2006
Affected: 2007.0
_______________________________________________________________________

Problem Description:

The Xinput module (modules/im/ximcp/imLcIm.c) in X.Org libX11 1.0.2 and
1.0.3 opens a file for reading twice using the same file descriptor,
which causes a file descriptor leak that allows local users to read
files specified by the XCOMPOSEFILE environment variable via the
duplicate file descriptor.

Updated packages have been patched to correct this issue.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5397
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2007.0:
ed3642c63b1640928ebd8e997da0fd1e
2007.0/i586/libx11_6-1.0.3-2.1mdv2007.0.i586.rpm
9bf6292e8d6c030b0304efc06912cb5c
2007.0/i586/libx11_6-devel-1.0.3-2.1mdv2007.0.i586.rpm
095b10889206e2c6b012eca03547e6c0
2007.0/i586/libx11_6-static-devel-1.0.3-2.1mdv2007.0.i586.rpm
fa6548ef7176c5a6e460ef9fffe077cd
2007.0/i586/libx11-common-1.0.3-2.1mdv2007.0.i586.rpm
968b2c951219986d64411b8c893463af
2007.0/SRPMS/libx11-1.0.3-2.1mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64:
d32213d0ffd578d1bcc559557ce9a56d
2007.0/x86_64/lib64x11_6-1.0.3-2.1mdv2007.0.x86_64.rpm
a93c8ea58f95f84d339f84a71476cf52
2007.0/x86_64/lib64x11_6-devel-1.0.3-2.1mdv2007.0.x86_64.rpm
0209595d4383b158efd2156f92f3fa89
2007.0/x86_64/lib64x11_6-static-devel-1.0.3-2.1mdv2007.0.x86_64.rpm
498a8fb81c8f94b708467b112deae6be
2007.0/x86_64/libx11-common-1.0.3-2.1mdv2007.0.x86_64.rpm
968b2c951219986d64411b8c893463af
2007.0/SRPMS/libx11-1.0.3-2.1mdv2007.0.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFFT8mGmqjQ0CJFipgRAnxQAJ4uXFcmiod3UYKMQwUTu7rxLZa09wCfU11h
2VIRgKL/chUG7QNW45yZhmc=
=L/v3
-----END PGP SIGNATURE-----


------------=_1162868621-16192-1093
Content-Type: text/plain; name="message-footer.txt"
Content-Disposition: inline; filename="message-footer.txt"
Content-Transfer-Encoding: 8bit

To unsubscribe, send a email to sympa@mandrivalinux.org
with this subject : unsubscribe security-announce
_______________________________________________________
Want to buy your Pack or Services from Mandriva?
Go to http://www.mandrivastore.com
Join the Club : http://www.mandrivaclub.com
_______________________________________________________

------------=_1162868621-16192-1093--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung