Linux Today: Linux News On Internet Time.

Suse Security Announcement: imwheel is not vulnerable [in SuSE Linux]

Apr 21, 2000, 21:24 (0 Talkback[s])
(Other stories by Marc Heuse)

Date: Fri, 21 Apr 2000 22:09:56 +0200 (MEST)
From: Marc Heuse marc@suse.de
To: suse-security@suse.com, suse-security-announce@suse.com
Subject: [suse-security-announce] imwheel is not vulnerable

Please note that a local root vulnerability has been found in the imwheel package, however:

SuSE Linux is not affected
We dont ship the vulnerable suidperl script. >From the /usr/doc/packages/imwheel/README.SuSE file:

For security reasons suid root installation as mentioned in the README file is disabled in the distribution. If you terminate/restart the X-Server all running instances of imwheel are killed anyway.

Thank you for your attention.