Debian Security Advisory: nedit symlink attackApr 27, 2001, 12:02 (0 Talkback[s])
From: debian-security-announce@LISTS.DEBIAN.ORG Subject: [SECURITY] [DSA-053-1] nedit symlink attack Date: 26 Apr 2001 16:48:56 -0600
Debian Security Advisory DSA-053-1 email@example.com http://www.debian.org/security/ Wichert Akkerman April 27, 2001
Package : nedit Problem type : insecure temporary file Debian-specific: no
The nedit (Nirvana editor) package as shipped in the non-free section accompanying Debian GNU/Linux 2.2/potato had a bug in its printing code: when printing text it would create a temporary file with the to be printed text and pass that on to the print system. The temporary file was not created safely, which could be exploited by an attacked to make nedit overwrite arbitrary files.
This has been fixed in version 5.02-7.1.
Debian GNU/Linux 2.2 alias potato
Potato was released for alpha, arm, i386, m68k, powerpc and sparc.
http://security.debian.org/dists/stable/updates/non-free/source/nedit_5.02-7.1.diff.gz MD5 checksum: 82b90eea8263fd3f6140b40737f1fc16 http://security.debian.org/dists/stable/updates/non-free/source/nedit_5.02-7.1.dsc MD5 checksum: e14d25693dab3e329a93bdca10a45f03 http://security.debian.org/dists/stable/updates/non-free/source/nedit_5.02.orig.tar.gz MD5 checksum: 2d8d0a8ec173fde6d574ffef40bbc524
These packages will be moved into the stable distribution on its next revision.
For not yet released architectures please refer to the appropriate directory ftp://ftp.debian.org/debian/dists/sid/binary-$arch/ .
apt-get: deb http://security.debian.org/ stable/updates main dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: firstname.lastname@example.org