Información sobre seguridad / 2001 / Información sobre seguridad -- DSA-037-1 Athena Widget replacement libraries

Aviso de seguridad de Debian

DSA-037-1 Athena Widget replacement libraries -- manejo inseguro de ficheros temporales

Fecha del informe:

7 de mar de 2001

Paquetes afectados:

nextaw
xaw3d
xaw95

Vulnerable:

Sí

Referencias a bases de datos de seguridad:

No se dispone, de momento, de referencias a otras bases de datos de seguridad externas.

Información adicional:

Se ha informado que los widgets AsciiSrc y MultiSrc la librería de widgets Athena manejan los ficheros temporales de una forma insegura. Joey Hess ha incorporado la corrección del fallo de XFree86 en estas librerías. Las versiones corregidas son nextaw 0.5.1-34potato1, xaw3d 1.3-6.9potato1, y xaw95 1.1-4.6potato1.

Arreglado en:

Debian 2.2 (potato)

Fuentes:

http://security.debian.org/dists/stable/updates/main/source/nextaw_0.5.1-34potato1.diff.gz

http://security.debian.org/dists/stable/updates/main/source/nextaw_0.5.1-34potato1.dsc

http://security.debian.org/dists/stable/updates/main/source/nextaw_0.5.1.orig.tar.gz

http://security.debian.org/dists/stable/updates/main/source/xaw3d_1.3-6.9potato1.diff.gz

http://security.debian.org/dists/stable/updates/main/source/xaw3d_1.3-6.9potato1.dsc

http://security.debian.org/dists/stable/updates/main/source/xaw3d_1.3.orig.tar.gz

http://security.debian.org/dists/stable/updates/main/source/xaw95_1.1-4.6potato1.diff.gz

http://security.debian.org/dists/stable/updates/main/source/xaw95_1.1-4.6potato1.dsc

http://security.debian.org/dists/stable/updates/main/source/xaw95_1.1.orig.tar.gz

i386:

http://security.debian.org/dists/stable/updates/main/binary-i386/nextaw_0.5.1-34potato1_i386.deb

http://security.debian.org/dists/stable/updates/main/binary-i386/nextawg_0.5.1-34potato1_i386.deb

http://security.debian.org/dists/stable/updates/main/binary-i386/xaw3d_1.3-6.9potato1_i386.deb

http://security.debian.org/dists/stable/updates/main/binary-i386/xaw3dg-dev_1.3-6.9potato1_i386.deb

http://security.debian.org/dists/stable/updates/main/binary-i386/xaw3dg_1.3-6.9potato1_i386.deb

http://security.debian.org/dists/stable/updates/main/binary-i386/xaw95g_1.1-4.6potato1_i386.deb

m68k:

http://security.debian.org/dists/stable/updates/main/binary-m68k/nextaw_0.5.1-34potato1_m68k.deb

http://security.debian.org/dists/stable/updates/main/binary-m68k/nextawg_0.5.1-34potato1_m68k.deb

http://security.debian.org/dists/stable/updates/main/binary-m68k/xaw3d_1.3-6.9potato1_m68k.deb

http://security.debian.org/dists/stable/updates/main/binary-m68k/xaw3dg-dev_1.3-6.9potato1_m68k.deb

http://security.debian.org/dists/stable/updates/main/binary-m68k/xaw3dg_1.3-6.9potato1_m68k.deb

http://security.debian.org/dists/stable/updates/main/binary-m68k/xaw95g_1.1-4.6potato1_m68k.deb