Linux-Mandrake Security Update Advisory: nedit

From: Linux Today Newsticker (ticker@finlandia.infodrom.ffis.de)
Date: Thu Apr 26 2001 - 19:50:03 CEST


    http://www.linuxtoday.com/news_story.php3?ltsn=2001-04-26-009-20-SC-MD

        Apr 26, 2001, 17:27 UTC

        From: Linux Mandrake Security Team
        Subject: MDKSA-2001:042 - nedit update
        Date: 25 Apr 2001 13:33:10 -0600

        Linux-Mandrake Security Update Advisory

        Package name: nedit

        Date: April 25th, 2001

        Advisory ID: MDKSA-2001:042

        Affected versions: 7.1, 7.2, 8.0, Corporate Server 1.0.1

        Problem Description:

        A temporary file vulnerability exists in NEdit, the Nirvana
        Editor. When printing the entire text or selected parts of
        the text within the editor, nedit creates a temporary file in
        an insecure manner. This could be exploited to gain the
        privileges of other users, including root.

        Please verify the update prior to upgrading to ensure the
        integrity of the downloaded package. You can do this with the
        command: rpm --checksig package.rpm

        You can get the GPG public key of the Linux-Mandrake Security
        Team at
        http://www.linux-mandrake.com/en/security/RPM-GPG-KEYS[2].

        If you use MandrakeUpdate, the verification of md5 checksum and
        GPG signature is performed automatically for you.

        Linux-Mandrake 7.1:

        4f97d5ed0100ee9a38961d19e189f1cb  7.1/RPMS/nedit-5.1.1-9.2mdk.i586.rpm
        116f0b623fc9a9d56369a5e00aabd596  7.1/SRPMS/nedit-5.1.1-9.2mdk.src.rpm

        Linux-Mandrake 7.2:

        aa30f2bd203db8f50cf59b0a2b6939fd  7.2/RPMS/nedit-5.1.1-9.1mdk.i586.rpm
        9ab4ccb9d28da67bf360de6f0e0acea7  7.2/SRPMS/nedit-5.1.1-9.1mdk.src.rpm

        Linux-Mandrake 8.0:

        a6e536fabf777e8068c1eb92e963a85e  8.0/RPMS/nedit-5.1.1-13.1mdk.i586.rpm
        47fa2927a8b66c32661aaadcf7aa3ca4  8.0/SRPMS/nedit-5.1.1-13.1mdk.src.rpm

        Corporate Server 1.0.1:

        4f97d5ed0100ee9a38961d19e189f1cb  1.0.1/RPMS/nedit-5.1.1-9.2mdk.i586.rpm
        116f0b623fc9a9d56369a5e00aabd596  1.0.1/SRPMS/nedit-5.1.1-9.2mdk.src.rpm

        To upgrade automatically, use MandrakeUpdate.

        If you want to upgrade manually, download the updated package
        from one of our FTP server mirrors and upgrade with "rpm -Fvh
        *.rpm".
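
The verification and upgrade steps above, combined into one gate, as an added example that is not part of the advisory or of Linux-Mandrake's tooling: a downloaded package is checked against the advisory's MD5 list and its GPG signature before `rpm -Fvh` runs. The function names and the second manifest entry are constructed for illustration; the script assumes `md5sum` (GNU coreutils) and `rpm` are on the PATH.

```shell
#!/bin/sh
# Added example: gate "rpm -Fvh" on the advisory's MD5 list plus the GPG signature.

# Manifest in "md5  path" form. The first entry is copied from the advisory's
# Linux-Mandrake 8.0 list; the second is a CONSTRUCTED entry (MD5 of an empty
# file) so the logic can be exercised offline.
MANIFEST='a6e536fabf777e8068c1eb92e963a85e  8.0/RPMS/nedit-5.1.1-13.1mdk.i586.rpm
d41d8cd98f00b204e9800998ecf8427e  demo/RPMS/constructed-empty.rpm'

# expected_md5 FILE: print the manifest checksum whose path has FILE's basename.
expected_md5() {
    base=$(basename "$1")
    printf '%s\n' "$MANIFEST" | while read -r sum path; do
        if [ "$(basename "$path")" = "$base" ]; then
            printf '%s\n' "$sum"
            break
        fi
    done
}

# verify_md5 FILE: 0 = match, 1 = mismatch, 2 = file not listed or unreadable.
verify_md5() {
    [ -r "$1" ] || return 2
    want=$(expected_md5 "$1")
    [ -n "$want" ] || return 2
    got=$(md5sum < "$1" | cut -d' ' -f1)
    [ "$got" = "$want" ]
}

# safe_upgrade FILE...: install only if every file passes both checks.
# MD5 catches corruption and mix-ups; only the GPG signature check
# (rpm --checksig, with the vendor key imported) shows who built the package.
safe_upgrade() {
    for f in "$@"; do
        verify_md5 "$f" || { echo "MD5 check failed: $f" >&2; return 1; }
        rpm --checksig "$f" || { echo "signature check failed: $f" >&2; return 1; }
    done
    rpm -Fvh "$@"
}
```

Call it as `safe_upgrade nedit-5.1.1-13.1mdk.i586.rpm` from the download directory, after extending `MANIFEST` with the advisory lines for your release.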

        You can download the updates directly from one of the mirror
        sites listed at:

        http://www.linux-mandrake.com/en/ftp.php3[3].

        Updated packages are available in the "updates/[ver]/RPMS/"
        directory. For example, if you are looking for an updated RPM
        package for Linux-Mandrake 8.0, look for it in
        "updates/8.0/RPMS/". Updated source RPMs are available as
        well, but you generally do not need to download them.

        Please be aware that sometimes it takes the mirrors a few
        hours to update.

        You can view other security advisories for Linux-Mandrake at:

        http://www.linux-mandrake.com/en/security/[4]

        If you want to report vulnerabilities, please contact

        security@linux-mandrake.com[5]

        Linux-Mandrake has two security-related mailing list services
        that anyone can subscribe to:

        security-announce@linux-mandrake.com[6]

        Linux-Mandrake's security announcements mailing list. Only
        announcements are sent to this list and it is read-only.

        security-discuss@linux-mandrake.com[7]

        Linux-Mandrake's security discussion mailing list. This list
        is open to anyone to discuss Linux-Mandrake security
        specifically and Linux security in general.

        To subscribe to either list, send a message to
        sympa@linux-mandrake.com[8]

        with "subscribe [listname]" in the body of the message.

        To remove yourself from either list, send a message to
        sympa@linux-mandrake.com[9]

        with "unsubscribe [listname]" in the body of the message.

        To get more information on either list, send a message to
        sympa@linux-mandrake.com[10]

        with "info [listname]" in the body of the message.

        Optionally, you can use the web interface to subscribe to or
        unsubscribe from either list:

        http://www.linux-mandrake.com/en/flists.php3#security[11]

        Links:
        [1] mailto:security@LINUX-MANDRAKE.COM
        [2] http://www.linux-mandrake.com/en/security/RPM-GPG-KEYS
        [3] http://www.linux-mandrake.com/en/ftp.php3
        [4] http://www.linux-mandrake.com/en/security/
        [5] mailto:security@linux-mandrake.com
        [6] mailto:security-announce@linux-mandrake.com
        [7] mailto:security-discuss@linux-mandrake.com
        [8] mailto:sympa@linux-mandrake.com
        [9] mailto:sympa@linux-mandrake.com
        [10] mailto:sympa@linux-mandrake.com
        [11] http://www.linux-mandrake.com/en/flists.php3#security
