
X Strike Force X.Org X11 SVN commit: r2367 - in trunk/lib/libx11/debian: . patches



Author: dnusinow
Date: 2006-06-30 02:36:03 -0400 (Fri, 30 Jun 2006)
New Revision: 2367

Added:
   trunk/lib/libx11/debian/patches/013_SECURITY_setuid.diff
Modified:
   trunk/lib/libx11/debian/changelog
   trunk/lib/libx11/debian/patches/series
Log:
* Security update. Fix for setuid privilege escalation vulnerabilities.
  See http://lists.freedesktop.org/archives/xorg/2006-June/016146.html for
  the full advisory.

Modified: trunk/lib/libx11/debian/changelog
===================================================================
--- trunk/lib/libx11/debian/changelog	2006-06-30 06:33:07 UTC (rev 2366)
+++ trunk/lib/libx11/debian/changelog	2006-06-30 06:36:03 UTC (rev 2367)
@@ -1,3 +1,11 @@
+libx11 (2:1.0.0-7) unstable; urgency=high
+
+  * Security update. Fix for setuid privledge escalation vulernabilities.
+    See http://lists.freedesktop.org/archives/xorg/2006-June/016146.html for
+    the full advisory.
+
+ -- David Nusinow <dnusinow@debian.org>  Fri, 30 Jun 2006 02:35:34 -0400
+
 libx11 (2:1.0.0-6) unstable; urgency=low
 
   * Remove libx11-dev's dependencies on libxi-dev and libxkbfile-dev. Add a
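
Review bot: The new 2:1.0.0-7 entry does not name the patch that carries the fix (013_SECURITY_setuid.diff) or the source file it touches, so a reader of the changelog has to follow the advisory URL to learn what actually changed. Add the patch name to the entry, and correct the spelling of "privledge" and "vulernabilities" while there.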

Added: trunk/lib/libx11/debian/patches/013_SECURITY_setuid.diff
===================================================================
--- trunk/lib/libx11/debian/patches/013_SECURITY_setuid.diff	2006-06-30 06:33:07 UTC (rev 2366)
+++ trunk/lib/libx11/debian/patches/013_SECURITY_setuid.diff	2006-06-30 06:36:03 UTC (rev 2367)
@@ -0,0 +1,17 @@
+Index: libx11/src/xlibi18n/lcFile.c
+===================================================================
+--- libx11.orig/src/xlibi18n/lcFile.c	2006-06-30 02:34:10.000000000 -0400
++++ libx11/src/xlibi18n/lcFile.c	2006-06-30 02:35:06.000000000 -0400
+@@ -269,7 +269,11 @@
+ 	    if (seteuid(0) != 0) {
+ 		priv = 0;
+ 	    } else {
+-		seteuid(oldeuid);
++        if (seteuid(oldeuid) == -1) {
++            /* XXX ouch, coudn't get back to original uid 
++             what can we do ??? */
++            _exit(127);
++        }
+ 		priv = 1;
+ 	    }
+ #endif
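
Review bot: In the new failure branch for `seteuid(oldeuid)`, `_exit(127)` terminates the calling application from inside library code with no diagnostic. Failing closed is the right call, since continuing would leave the process at effective uid 0 after the successful `seteuid(0)` probe, but a short message to stderr before exiting would tell the user why the program vanished with status 127. The test `== -1` is also inconsistent with the `seteuid(0) != 0` check two lines above; using `!= 0` in both places treats any non-zero return as failure. The added lines are indented with spaces while the surrounding context uses tabs, the comment has a typo (`coudn't`), and the patch file has no description header above the `Index:` line pointing at the advisory.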

Modified: trunk/lib/libx11/debian/patches/series
===================================================================
--- trunk/lib/libx11/debian/patches/series	2006-06-30 06:33:07 UTC (rev 2366)
+++ trunk/lib/libx11/debian/patches/series	2006-06-30 06:36:03 UTC (rev 2367)
@@ -10,3 +10,4 @@
 010_manpages_fix.diff
 011_stolen_from_ubuntu_xlocalelibdir.diff
 012_ru_RU_UTF-8_XLC_LOCALE.diff
+013_SECURITY_setuid.diff


