Note: This is an archival copy of Security Sun Alert 200486 as previously published on http://sunsolve.sun.com.|
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000364.1.
Solaris 9 Operating System
Solaris 8 Operating System
Date of Resolved Release
A local or remote unprivileged user may be able to crash an application which dynamically links to the X Inter Client Exchange library (libICE) due to a security vulnerability in libICE. The ability to crash an application is a type of Denial of Service (DoS). A number of applications which comprise the GNOME desktop environment dynamically link with libICE.
This issue can occur in the following releases:
Note: Solaris 10 is not affected by this issue.
To determine if an application is linked with the libICE library, the ldd(1) utility can be utilized as in the following example:
$ ldd /usr/openwin/bin/xset | grep libICE libICE.so.6 => /usr/openwin/lib/libICE.so.6
If the described issue occurs, the application which links to the libICE library will exit and may generate an error message about a Segmentation Fault and may also write a core(4) file.
There is no workaround. Please see the "Resolution" section below.
This issue is addressed in the following releases:
This solution has no attachment