SHARE

SuSE Security Announcement: nedit (SuSE-SA:2001:14)

Written By

Web Webster

Apr 19, 2001

Date: Thu, 19 Apr 2001 11:32:13 +0200 (CEST)
From: Thomas Biege <thomas@suse.de>Subject: [suse-security-announce] SuSE Security Announcement: nedit (SuSE-SA:2001:14)

SuSE Security Announcement

        Package:                nedit
        Announcement-ID:        SuSE-SA:2001:14
        Date:                   Wednesday, April 18th, 2001 13.06 MEST
        Affected SuSE versions: [6.1, 6.2] 6.3, 6.4, 7.0, 7.1
        Vulnerability Type:     locoal privilege escalation
        Severity (1-10):        3
        SuSE default package:   no
        Other affected systems: all systems using nedit

        Content of this advisory:
        1) security vulnerability resolved: nedit
           problem description, discussion, solution and upgrade information
        2) pending vulnerabilities, solutions, workarounds
        3) standard appendix (further information)

problem description, brief discussion, solution, upgrade
information

The Nirvana Editor, NEdit, is a GUI-style text editor based on
popular Macintosh and MS Windows editors.
When printing a whole text or selected parts of a text, nedit(1)
creates a temporary file in an insecure manner. This behavior could
be exploited to gain access to other users privileges, even
root.

There is no workaround possible, because tmpnam(3) ignores the
TMPDIR environment variable. Just install the new RPM to fix this
problem.

Download the update package from locations described below and
install the package with the command `rpm -Uhv file.rpm’. The
md5sum for each file is in the line below. You can verify the
integrity of the rpm files using the command

`rpm –checksig –nogpg file.rpm’, independently from the md5
signatures below.

    i386 Intel Platform:

    SuSE-7.1    ftp://ftp.suse.com/pub/suse/i386/update/7.1/xap2/nedit-5.1.1-151.i386.rpm
      07efdf2fa5c475fcf40633d392d4ae1d
    source rpm:
    ftp://ftp.suse.com/pub/suse/i386/update/7.1/zq1/nedit-5.1.1-151.src.rpm
      27e52c3688082257d7f7ecf81c461ad9

    SuSE-7.0    ftp://ftp.suse.com/pub/suse/i386/update/7.0/xap1/nedit-5.1.1-151.i386.rpm
      b9846658b0f9c8330b8f9c5732b9e115
    source rpm:
    ftp://ftp.suse.com/pub/suse/i386/update/7.0/zq1/nedit-5.1.1-151.src.rpm
      d2dc1c39dbad292326f953e1e84fe187


    SuSE-6.4    ftp://ftp.suse.com/pub/suse/i386/update/6.4/xap1/nedit-5.0.2-207.i386.rpm
      c5c6eebe946463926583272690ca4d27
    source rpm:
    ftp://ftp.suse.com/pub/suse/i386/update/6.4/zq1/nedit-5.0.2-207.src.rpm
      0a486fa81f4b84ab6f09bd5353b0fd4d


    SuSE-6.3    ftp://ftp.suse.com/pub/suse/i386/update/6.3/xap1/nedit-5.0.2-208.i386.rpm
      e1e0baeca49ce972df89a5bb5ebfc6c2
    source rpm:    ftp://ftp.suse.com/pub/suse/i386/update/6.3/zq1/nedit-5.0.2-208.src.rpm
      9a3328dc8fb8a4da343be20c10cb0c02

    Sparc Platform:

    SuSE-7.1    ftp://ftp.suse.com/pub/suse/sparc/update/7.1/xap2/nedit-5.1.1-135.sparc.rpm
      2370e09571b1037270d34afb555cc408
    source rpm:
    ftp://ftp.suse.com/pub/suse/sparc/update/7.1/zq1/nedit-5.1.1-135.src.rpm
      0ac1364f6b97d503444e6fcb4a0b20df

    SuSE-7.0    ftp://ftp.suse.com/pub/suse/sparc/update/7.0/xap1/nedit-5.1.1-134.sparc.rpm
      a60e8f47d4ac4794f7ee472ef1d7ccb4
    source rpm:
    ftp://ftp.suse.com/pub/suse/sparc/update/7.0/zq1/nedit-5.1.1-134.src.rpm
      96c96dda6b1ba8b91bebbf3f1a9a56c6

    AXP Alpha Platform:

    SuSE-6.4    ftp://ftp.suse.com/pub/suse/axp/update/6.4/xap1/nedit-5.0.2-207.alpha.rpm
      cde274f25bec040ae289ef0fb8520b7e    source rpm:    ftp://ftp.suse.com/pub/suse/axp/update/6.4/zq1/nedit-5.0.2-207.src.rpm
      4cdff5d4836bf4f926298bb3b3a1c513

    SuSE-6.3    ftp://ftp.suse.com/pub/suse/axp/update/6.3/xap1/nedit-5.0.2-207.alpha.rpm
      fc7fc98267dc76ceec30633068d72533    source rpm:    ftp://ftp.suse.com/pub/suse/axp/update/6.3/zq1/nedit-5.0.2-207.src.rpm
      fc3ddc09f7c3383b01721e6462f77748

    PPC PowerPC Platform:

    SuSE-7.1    ftp://ftp.suse.com/pub/suse/ppc/update/7.1/xap2/nedit-5.1.1-122.ppc.rpm
      1f413b9e77263ec37d0e42dde6cb55d1    source rpm:    ftp://ftp.suse.com/pub/suse/ppc/update/7.1/zq1/nedit-5.1.1-122.src.rpm
      403bcf64a6ba2824899316e3bd8ea41d

    SuSE-7.0    ftp://ftp.suse.com/pub/suse/ppc/update/7.0/xap1/nedit-5.1.1-122.ppc.rpm
      e771c3bcd7cbc0121a527089ad40a336    source rpm:    ftp://ftp.suse.com/pub/suse/ppc/update/7.0/zq1/nedit-5.1.1-122.src.rpm
      f45e0786fefb5c92fbd61e8c4a36ab32

    SuSE-6.4    ftp://ftp.suse.com/pub/suse/ppc/update/6.4/xap1/nedit-5.0.2-146.ppc.rpm
      7dcb7bf1110311063daac06df1f7cccb    source rpm:    ftp://ftp.suse.com/pub/suse/ppc/update/6.4/zq1/nedit-5.0.2-146.src.rpm
      5f1d6da7f268b8c10f7ea8a4f7a1fab5

2) Pending vulnerabilities in SuSE Distributions and
Workarounds:

New RPMs for HylaFax, a Fax Server, are currently being build,
which fix a format bug in hfaxd, which could lead to local root
privilege.
Updated man RPMs will be available in a few days.
In the past weeks, some security related bugs in the Linux
kernel 2.2 and 2.4 were found. An announcement, that addresses this
will be released this week.
Samba has serveral security problems, which could lead to local
root access. Samba 2.0.8 fixes these problems. New RPMs are
currently being build.

3) standard appendix:

SuSE runs two security mailing lists to which any interested
party may subscribe:

suse-security@suse.com

general/linux/SuSE security discussion. All SuSE security
announcements are sent to this list. To subscribe, send an email to
<suse-security-subscribe@suse.com>.

suse-security-announce@suse.com

SuSE’s announce-only mailing list. Only SuSE’s security
annoucements are sent to this list. To subscribe, send an email to
<suse-security-announce-subscribe@suse.com>.

For general information or the frequently asked questions (faq)
send mail to:

        <suse-security-info@suse.com> or
        <suse-security-faq@suse.com> respectively.

SuSE’s security contact is
<security@suse.com>.

The information in this advisory may be distributed or
reproduced, provided that the advisory is not modified in any way.
SuSE GmbH makes no warranties of any kind whatsoever with respect
to the information contained in this security advisory. Bye,

Thomas
-- 
  Thomas Biege, SuSE GmbH, Schanzaeckerstr. 10, 90443 Nuernberg
  E@mail: thomas@suse.de      Function: Security Support & Auditing
  "lynx -source http://www.suse.de/~thomas/thomas.pgp | pgp -fka"
  Key fingerprint = 51 AD B9 C7 34 FC F2 54  01 4A 1C D4 66 64 09 84

Web Webster

Web Webster has more than 20 years of writing and editorial experience in the tech sector. He’s written and edited news, demand generation, user-focused, and thought leadership content for business software solutions, consumer tech, and Linux Today, he edits and writes for a portfolio of tech industry news and analysis websites including webopedia.com, and DatabaseJournal.com.

SuSE Security Announcement: nedit (SuSE-SA:2001:14)

SuSE’s security contact is
<security@suse.com>.

Web Webster

Recommended for you...

Company

Categories

SuSE Security Announcement: nedit (SuSE-SA:2001:14)

SuSE’s security contact is <security@suse.com>.

Web Webster

Recommended for you...

Company

Categories

SuSE’s security contact is
<security@suse.com>.