[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Debian Security Advisory for esound

Attached is a Debian Security Advisory for the recent discussions regarding
the race condition in /tmp/.esd.  Debian's package is not vulnerable to this,
as I disabled support for Unix Domain Sockets in the package in February 2000.
Slink is not vulnerable either, the code for UDS was not in 0.2.6, the version
in slink.

Please post to the necessary lists.

Brian M. Almeida
Linux Systems Engineer |  http://www.winstar.com | balmeida@winstar.com
Debian Developer       |  http://www.debian.org  | bma@debian.org
Debian Security Advisory                                 security@debian.org
September 28, 2000

Linux-Mandrake has recently released a Security Advisory (MDKSA-2000:051)
covering a race condition in the esound.  Debian has had this bug fixed 
since February 16, 2000. Therefore both the stable and unstable 
distributions of Debian are not vulnerable to this problem.  Debian 2.1 
(aka "slink") is also not vulnerable to this problem since the version in 
2.1 is esound 0.2.6, which did not use unix domain sockets.

More information regarding this bug can be found at:

For apt-get: deb http://security.debian.org/ stable updates
Mailing list: debian-security-announce@lists.debian.org

Attachment: pgpbfiT0E8JjX.pgp
Description: PGP signature

Reply to: