______________________________________________________________________________

                        SuSE Security Announcement

        Package:                nedit
        Announcement-ID:        SuSE-SA:2001:14
        Date:                   Wednesday, April 18th, 2001 13.06 MEST
        Affected SuSE versions: [6.1, 6.2] 6.3, 6.4, 7.0, 7.1
        Vulnerability Type:     local privilege escalation
        Severity (1-10):        3
        SuSE default package:   no
        Other affected systems: all systems using nedit

        Content of this advisory:
        1) security vulnerability resolved: nedit
           problem description, discussion, solution and upgrade information
        2) pending vulnerabilities, solutions, workarounds
        3) standard appendix (further information)

______________________________________________________________________________

1)  problem description, brief discussion, solution, upgrade information

    The Nirvana Editor, NEdit, is a GUI-style text editor based on popular
    Macintosh and MS Windows editors.
    When printing a whole text or selected parts of a text, nedit(1) creates
    a temporary file in an insecure manner. This behavior could be exploited
    to gain access to other users' privileges, even root.

    There is no workaround possible, because tmpnam(3) ignores the TMPDIR
    environment variable. Just install the new RPM to fix this problem.
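
    Added example (not part of the SuSE advisory and not nedit's code): the
    temporary-file pattern described above beside its hardened form. The
    function names, file names and scratch directory are hypothetical, and
    the scenario is constructed.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Equivalent of fopen(name, "w") on a name picked earlier by tmpnam(3):
 * follows a symlink already present at that name and truncates its target. */
static int open_predictable(const char *name) {
    return open(name, O_WRONLY | O_CREAT | O_TRUNC, 0666);
}

/* Hardened: O_EXCL makes creation fail with EEXIST if anything, a symlink
 * included, already exists at the name. mkstemp(3) opens its file this way. */
static int open_exclusive(const char *name) {
    return open(name, O_WRONLY | O_CREAT | O_EXCL, 0600);
}

static long size_of(const char *path) {
    struct stat st;
    return stat(path, &st) == 0 ? (long)st.st_size : -1;
}

/* Constructed scenario in a private scratch directory: "spool" is a guessable
 * temp name pre-existing as a symlink to the 10-byte file "target". out[0]: errno
 * of the exclusive open; out[1]/out[2]: target size after hardened/unsafe opens. */
int run_demo(long out[3]) {
    char dir[] = "/tmp/tmpfile-demo-XXXXXX", target[64], spool[64], tmpl[64];
    int fd;
    if (!mkdtemp(dir)) return -1;
    snprintf(target, sizeof target, "%s/target", dir);
    snprintf(spool, sizeof spool, "%s/spool", dir);
    snprintf(tmpl, sizeof tmpl, "%s/printXXXXXX", dir);
    if ((fd = open_exclusive(target)) < 0) return -1;
    if (write(fd, "important\n", 10) != 10 || close(fd) != 0) return -1;
    if (symlink(target, spool) != 0) return -1;
    fd = open_exclusive(spool);          /* refuses the pre-existing symlink */
    out[0] = fd < 0 ? errno : 0;
    if (fd >= 0) close(fd);
    if ((fd = mkstemp(tmpl)) < 0) return -1;  /* unique name, O_EXCL, 0600 */
    close(fd);
    out[1] = size_of(target);
    if ((fd = open_predictable(spool)) >= 0) close(fd);  /* truncates target */
    out[2] = size_of(target);
    unlink(tmpl); unlink(spool); unlink(target); rmdir(dir);
    return 0;
}
```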

    Download the update package from locations described below and install
    the package with the command `rpm -Uhv file.rpm'. The md5sum for each
    file is in the line below. You can verify the integrity of the rpm
    files using the command
        `rpm --checksig --nogpg file.rpm',
    independently from the md5 signatures below.




______________________________________________________________________________

2)  Pending vulnerabilities in SuSE Distributions and Workarounds:

    - New RPMs for HylaFax, a Fax Server, are currently being built, which
      fix a format bug in hfaxd, which could lead to local root privilege.

    - Updated man RPMs will be available in a few days.

    - In the past weeks, some security related bugs in the Linux kernel 2.2
      and 2.4 were found. An announcement that addresses these will be
      released this week.

    - Samba has several security problems, which could lead to local root
      access. Samba 2.0.8 fixes these problems. New RPMs are currently being
      built.

______________________________________________________________________________

3)  standard appendix:

    SuSE runs two security mailing lists to which any interested party may
    subscribe:

    suse-security@suse.com
        -   general/linux/SuSE security discussion.
            All SuSE security announcements are sent to this list.
            To subscribe, send an email to
                <suse-security-subscribe@suse.com>.

    suse-security-announce@suse.com
        -   SuSE's announce-only mailing list.
            Only SuSE's security announcements are sent to this list.
            To subscribe, send an email to
                <suse-security-announce-subscribe@suse.com>.

    For general information or the frequently asked questions (faq)
    send mail to:
        <suse-security-info@suse.com> or
        <suse-security-faq@suse.com> respectively.

    ===============================================
    SuSE's security contact is <security@suse.com>.
    ===============================================
______________________________________________________________________________

    The information in this advisory may be distributed or reproduced,
    provided that the advisory is not modified in any way.
    SuSE GmbH makes no warranties of any kind whatsoever with respect
    to the information contained in this security advisory.


SuSE: 'nedit' vulnerability

April 19, 2001
When printing a whole text or selected parts of a text, nedit(1) creates a temporary file in an insecure manner
