Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 496
Alerts This Week
Warning Icon 1 496

Debian 2.2 DSA-090-1 Critical: Xtel Symlink Attack Details

debian
Calendar Grey December 5, 2001
Debian Logo
Debian Security Announcement DSA-092-2 addresses critical vulnerabilities related to buffer overflows in emacs package for Debian GNU/Linux 2.4.
The xtel (a X emulator for minitel) package as distributed with DebianGNU/Linux 2.2 has two possible symlink attacks.

Summary

Package : xtel
Problem type : symlink attack
Debian-specific: no

The xtel (a X emulator for minitel) package as distributed with Debian
GNU/Linux 2.2 has two possible symlink attacks:

* xteld creates a temporary file /tmp/.xtel- without checking
for symlinks.
* when printing a hardcope xtel would create a temporary file without
protecting itself against symlink attacks.

Both problems have been fixed in version 3.2.1-4.potato.1 .

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.


Debian GNU/Linux 2.2 alias potato
---------------------------------

Potato was released for alpha, arm, i386, m68k, powerpc and sparc.

Source archives:

MD5 checksum: 79575d2797c4b85fafba690f71ba97c4

MD5 checksum: 036a3763efa51ff74baa14705b86974a

MD5 checksum: 9cec4556d70194beb25086d8e14b9b20

Alpha architecture:


MD5 checksum: c288520adc2a519edb341c18d6b20572

ARM architecture:


MD5 checksum: 0114570b5bd...

Read the Full Advisory

Severity
critical
Lowest
Low
Medium
High
Critical

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.