X Strike Force X.Org X11 SVN commit: r2367 - in trunk/lib/libx11/debian: . patches
Author: dnusinow
Date: 2006-06-30 02:36:03 -0400 (Fri, 30 Jun 2006)
New Revision: 2367
Added:
trunk/lib/libx11/debian/patches/013_SECURITY_setuid.diff
Modified:
trunk/lib/libx11/debian/changelog
trunk/lib/libx11/debian/patches/series
Log:
* Security update. Fix for setuid privilege escalation vulnerabilities.
See http://lists.freedesktop.org/archives/xorg/2006-June/016146.html for
the full advisory.
Modified: trunk/lib/libx11/debian/changelog
===================================================================
--- trunk/lib/libx11/debian/changelog 2006-06-30 06:33:07 UTC (rev 2366)
+++ trunk/lib/libx11/debian/changelog 2006-06-30 06:36:03 UTC (rev 2367)
@@ -1,3 +1,11 @@
+libx11 (2:1.0.0-7) unstable; urgency=high
+
+ * Security update. Fix for setuid privledge escalation vulernabilities.
+ See http://lists.freedesktop.org/archives/xorg/2006-June/016146.html for
+ the full advisory.
+
+ -- David Nusinow <dnusinow@debian.org> Fri, 30 Jun 2006 02:35:34 -0400
+
libx11 (2:1.0.0-6) unstable; urgency=low
* Remove libx11-dev's dependencies on libxi-dev and libxkbfile-dev. Add a
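Review bot: The new 2:1.0.0-7 entry misspells "privledge" and "vulernabilities", and it identifies the fix only by the advisory URL. Because this text ships in the package changelog, correct the spelling to "privilege escalation vulnerabilities" and name the patch being added, 013_SECURITY_setuid.diff, so the entry can be traced to the change without following the link.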
Added: trunk/lib/libx11/debian/patches/013_SECURITY_setuid.diff
===================================================================
--- trunk/lib/libx11/debian/patches/013_SECURITY_setuid.diff 2006-06-30 06:33:07 UTC (rev 2366)
+++ trunk/lib/libx11/debian/patches/013_SECURITY_setuid.diff 2006-06-30 06:36:03 UTC (rev 2367)
@@ -0,0 +1,17 @@
+Index: libx11/src/xlibi18n/lcFile.c
+===================================================================
+--- libx11.orig/src/xlibi18n/lcFile.c 2006-06-30 02:34:10.000000000 -0400
++++ libx11/src/xlibi18n/lcFile.c 2006-06-30 02:35:06.000000000 -0400
+@@ -269,7 +269,11 @@
+ if (seteuid(0) != 0) {
+ priv = 0;
+ } else {
+- seteuid(oldeuid);
++ if (seteuid(oldeuid) == -1) {
++ /* XXX ouch, coudn't get back to original uid
++ what can we do ??? */
++ _exit(127);
++ }
+ priv = 1;
+ }
+ #endif
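Review bot: In the new `if (seteuid(oldeuid) == -1)` branch, the comment ("XXX ouch, coudn't get back to original uid what can we do ???") does not say why exiting is the right response, and `_exit(127)` ends the calling program from inside library code with no diagnostic. Suggest replacing the comment with a statement of the risk: the preceding `seteuid(0)` succeeded, so a failed restore leaves the process running with effective uid 0. Consider also writing a short message to stderr before `_exit(127)` so the failure can be diagnosed. The two checks use different conventions as well (`!= 0` on the first call, `== -1` here); using one form for both would read more cleanly.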
Modified: trunk/lib/libx11/debian/patches/series
===================================================================
--- trunk/lib/libx11/debian/patches/series 2006-06-30 06:33:07 UTC (rev 2366)
+++ trunk/lib/libx11/debian/patches/series 2006-06-30 06:36:03 UTC (rev 2367)
@@ -10,3 +10,4 @@
010_manpages_fix.diff
011_stolen_from_ubuntu_xlocalelibdir.diff
012_ru_RU_UTF-8_XLC_LOCALE.diff
+013_SECURITY_setuid.diff