Navigation
|
|
| Problem Description |
The Xinput module (modules/im/ximcp/imLcIm.c) in X.Org libX11 1.0.2 and
1.0.3 opens a file for reading twice using the same file descriptor,
which causes a file descriptor leak that allows local users to read
files specified by the XCOMPOSEFILE environment variable via the
duplicate file descriptor.
Updated packages have been patched to correct this issue.
| Updated Packages |
Mandriva Linux 2007
ed3642c63b1640928ebd8e997da0fd1e 2007.0/i586/libx11_6-1.0.3-2.1mdv2007.0.i586.rpm 9bf6292e8d6c030b0304efc06912cb5c 2007.0/i586/libx11_6-devel-1.0.3-2.1mdv2007.0.i586.rpm 095b10889206e2c6b012eca03547e6c0 2007.0/i586/libx11_6-static-devel-1.0.3-2.1mdv2007.0.i586.rpm fa6548ef7176c5a6e460ef9fffe077cd 2007.0/i586/libx11-common-1.0.3-2.1mdv2007.0.i586.rpm 968b2c951219986d64411b8c893463af 2007.0/SRPMS/libx11-1.0.3-2.1mdv2007.0.src.rpm
Mandriva Linux 2007/X86_64
d32213d0ffd578d1bcc559557ce9a56d 2007.0/x86_64/lib64x11_6-1.0.3-2.1mdv2007.0.x86_64.rpm a93c8ea58f95f84d339f84a71476cf52 2007.0/x86_64/lib64x11_6-devel-1.0.3-2.1mdv2007.0.x86_64.rpm 0209595d4383b158efd2156f92f3fa89 2007.0/x86_64/lib64x11_6-static-devel-1.0.3-2.1mdv2007.0.x86_64.rpm 498a8fb81c8f94b708467b112deae6be 2007.0/x86_64/libx11-common-1.0.3-2.1mdv2007.0.x86_64.rpm 968b2c951219986d64411b8c893463af 2007.0/SRPMS/libx11-1.0.3-2.1mdv2007.0.src.rpm
| References |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5397
| Upgrade |
To upgrade automatically, use MandrivaUpdate.
| Verification |
Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command :
rpm --checksig package.rpm
You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.
If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.