← Back to branch summary

~ubuntu-branches/ubuntu/natty/xorg-server/natty-security

~ubuntu-branches/ubuntu/natty/xorg-server/natty-security

« back to all changes in this revision

Viewing changes to debian/patches/506_CVE-2011-4029.patch

Committer: Bazaar Package Importer
Author(s): Marc Deslauriers
Date: 2011-10-13 11:03:44 UTC
mfrom: (215.1.2 natty-proposed)
Revision ID: james.westby@ubuntu.com-20111013110344-iexo0cjrj3m0w9l8

Tags: 2:1.10.1-1ubuntu1.3

* SECURITY UPDATE: file existence disclosure
  - debian/patches/505_CVE-2011-4028.patch: open lockfile with O_NOFOLLOW
    in os/utils.c.
  - CVE-2011-4028
* SECURITY UPDATE: privilege escalation via file permission change
  - debian/patches/506_CVE-2011-4029.patch: use fchmod to prevent race
    in os/utils.c.
  - CVE-2011-4029

files added:
debian/patches/218_randr-check-rotated-virtual-size-limits-correctly.diff

debian/patches/503_fix_masked_transformed_valuators.patch

debian/patches/504_fix_no_coords.patch

debian/patches/505_CVE-2011-4028.patch

debian/patches/506_CVE-2011-4029.patch

files modified:
debian/changelog

debian/patches/series

Show diffs side-by-side

added added

removed removed

debian/patches/506_CVE-2011-4029.patch

1

Description: fix privilege escalation via file permission change

2

Author: Matthieu Herrb <matthieu@herrb.eu>

3

4

diff -Nur xorg-server-1.10.1/os/utils.c xorg-server-1.10.1.new/os/utils.c

5

--- xorg-server-1.10.1/os/utils.c 2011-10-13 11:03:33.252840314 -0400

6

+++ xorg-server-1.10.1.new/os/utils.c 2011-10-13 11:03:37.824840433 -0400

7

@@ -309,7 +309,7 @@

8

FatalError("Could not create lock file in %s\n", tmp);

9

(void) sprintf(pid_str, "%10ld\n", (long)getpid());

10

(void) write(lfd, pid_str, 11);

11

- (void) chmod(tmp, 0444);

12

+ (void) fchmod(lfd, 0444);

13

(void) close(lfd);

14

15

/*

Older »