Package name
libx11
Date
2006-11-06
Advisory ID
MDKSA-2006:199
Affected versions
2007.0 x86_64 , 2007.0 i586

Problem description

The Xinput module (modules/im/ximcp/imLcIm.c) in X.Org libX11 1.0.2 and
1.0.3 opens a file for reading twice using the same file descriptor,
which causes a file descriptor leak that allows local users to read
files specified by the XCOMPOSEFILE environment variable via the
duplicate file descriptor.

Updated packages have been patched to correct this issue.

Updated packages

2007.0 x86_64

 d32213d0ffd578d1bcc559557ce9a56d  2007.0/x86_64/lib64x11_6-1.0.3-2.1mdv2007.0.x86_64.rpm
 a93c8ea58f95f84d339f84a71476cf52  2007.0/x86_64/lib64x11_6-devel-1.0.3-2.1mdv2007.0.x86_64.rpm
 0209595d4383b158efd2156f92f3fa89  2007.0/x86_64/lib64x11_6-static-devel-1.0.3-2.1mdv2007.0.x86_64.rpm
 498a8fb81c8f94b708467b112deae6be  2007.0/x86_64/libx11-common-1.0.3-2.1mdv2007.0.x86_64.rpm 
 968b2c951219986d64411b8c893463af  2007.0/SRPMS/libx11-1.0.3-2.1mdv2007.0.src.rpm

2007.0 i586

 ed3642c63b1640928ebd8e997da0fd1e  2007.0/i586/libx11_6-1.0.3-2.1mdv2007.0.i586.rpm
 9bf6292e8d6c030b0304efc06912cb5c  2007.0/i586/libx11_6-devel-1.0.3-2.1mdv2007.0.i586.rpm
 095b10889206e2c6b012eca03547e6c0  2007.0/i586/libx11_6-static-devel-1.0.3-2.1mdv2007.0.i586.rpm
 fa6548ef7176c5a6e460ef9fffe077cd  2007.0/i586/libx11-common-1.0.3-2.1mdv2007.0.i586.rpm 
 968b2c951219986d64411b8c893463af  2007.0/SRPMS/libx11-1.0.3-2.1mdv2007.0.src.rpm

References