[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Debian immune to recent reported /tmp symlink races in XFree86

Several distributions of late have made security releases addressing a
problem with symbolic links and race conditions in the /tmp directory.
Debian is not vulnerable to this particular problem, but it is possible for
the X server socket to be created in an inappropriate directory. While this
is not an exploitable security problem, it is not correct behavior, and
there will shortly be an updated version of the XFree86 packages in
the Debian archives. In the meantime, there is a test build available with
this problem (as well as few others) rectified.

The test build is available at:

G. Branden Robinson              |   Suffer before God and ye shall be
Debian GNU/Linux                 |   redeemed.  God loves us, so He makes us
branden@ecn.purdue.edu           |   suffer Christianity.
cartoon.ecn.purdue.edu/~branden/ |   -- Aaron Dunsmore

Attachment: pgpbSKLnERBXt.pgp
Description: PGP signature

Reply to: