Date: Mon, 5 Apr 1999 00:23:16 -0400 From: Branden Robinson <branden@ecn.purdue.edu> To: debian-security-announce@debian.org Subject: Debian immune to recent reported /tmp symlink races in XFree86 --9jxsPFA5p3P2qPhR Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable Several distributions of late have made security releases addressing a problem with symbolic links and race conditions in the /tmp directory. Debian is not vulnerable to this particular problem, but it is possible for the X server socket to be created in an inappropriate directory. While this is not an exploitable security problem, it is not correct behavior, and there will shortly be an updated version of the XFree86 3.3.2.3 packages in the Debian archives. In the meantime, there is a test build available with this problem (as well as few others) rectified. The test build is available at: http://master.debian.org/%7Ebranden/xfree86/ --=20 G. Branden Robinson | Suffer before God and ye shall be Debian GNU/Linux | redeemed. God loves us, so He makes us branden@ecn.purdue.edu | suffer Christianity. cartoon.ecn.purdue.edu/~branden/ | -- Aaron Dunsmore --9jxsPFA5p3P2qPhR Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: 2.6.3a iQCVAwUBNwg6s6iRn0nSNFD5AQG6EgQAybxH+fZol9qKTHdZjIHGSz2HyHumVNs+ dc3WShewdywgT4/KosEdqnVU9fRxxscai5lYA3JJtRFe1d21Fe8/hgNq1BOI+ruU GYzZgpctOpwLoolVZUnOUQbLQq9DdXuK76yFQB52f3aDS+H+d3apWw7rRL19yI/u u4ApXIXVJe4= =Scd/ -----END PGP SIGNATURE----- --9jxsPFA5p3P2qPhR-- -- To UNSUBSCRIBE, email to debian-devel-announce-request@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org