Bulletin d'alerte Debian

DSA-037-1 Athena Widget replacement libraries -- Gestion non sécurisée de fichier temporaire

Date du rapport :

7 mars 2001

Paquets concernés :

nextaw
xaw3d
xaw95

Vulnérabilité :

Oui

Références dans la base de données de sécurité :

Aucune référence à une base de données externe en rapport avec la sécurité n'est actuellement disponible.

Plus de précisions :

Les widgets AsciiSrc et MultiSrc dans la bibliothèque de widgets Athena ne gèrent pas proprement les fichiers temporaires. Joey Hess a porté les corrections de XFree86 à ses remplacements de bibliothèques Xaw. Les corrections sont disponibles dans nextaw 0.5.1-34potato1, xaw3d 1.3-6.9potato1 et xaw95 1.1-4.6potato1.

Corrigé dans :

Debian 2.2 (potato)

Source :: http://security.debian.org/dists/stable/updates/main/source/nextaw_0.5.1-34potato1.diff.gz; http://security.debian.org/dists/stable/updates/main/source/nextaw_0.5.1-34potato1.dsc; http://security.debian.org/dists/stable/updates/main/source/nextaw_0.5.1.orig.tar.gz; http://security.debian.org/dists/stable/updates/main/source/xaw3d_1.3-6.9potato1.diff.gz; http://security.debian.org/dists/stable/updates/main/source/xaw3d_1.3-6.9potato1.dsc; http://security.debian.org/dists/stable/updates/main/source/xaw3d_1.3.orig.tar.gz; http://security.debian.org/dists/stable/updates/main/source/xaw95_1.1-4.6potato1.diff.gz; http://security.debian.org/dists/stable/updates/main/source/xaw95_1.1-4.6potato1.dsc; http://security.debian.org/dists/stable/updates/main/source/xaw95_1.1.orig.tar.gz
i386:: http://security.debian.org/dists/stable/updates/main/binary-i386/nextaw_0.5.1-34potato1_i386.deb; http://security.debian.org/dists/stable/updates/main/binary-i386/nextawg_0.5.1-34potato1_i386.deb; http://security.debian.org/dists/stable/updates/main/binary-i386/xaw3d_1.3-6.9potato1_i386.deb; http://security.debian.org/dists/stable/updates/main/binary-i386/xaw3dg-dev_1.3-6.9potato1_i386.deb; http://security.debian.org/dists/stable/updates/main/binary-i386/xaw3dg_1.3-6.9potato1_i386.deb; http://security.debian.org/dists/stable/updates/main/binary-i386/xaw95g_1.1-4.6potato1_i386.deb
m68k:: http://security.debian.org/dists/stable/updates/main/binary-m68k/nextaw_0.5.1-34potato1_m68k.deb; http://security.debian.org/dists/stable/updates/main/binary-m68k/nextawg_0.5.1-34potato1_m68k.deb; http://security.debian.org/dists/stable/updates/main/binary-m68k/xaw3d_1.3-6.9potato1_m68k.deb; http://security.debian.org/dists/stable/updates/main/binary-m68k/xaw3dg-dev_1.3-6.9potato1_m68k.deb; http://security.debian.org/dists/stable/updates/main/binary-m68k/xaw3dg_1.3-6.9potato1_m68k.deb; http://security.debian.org/dists/stable/updates/main/binary-m68k/xaw95g_1.1-4.6potato1_m68k.deb