Attached is a Debian Security Advisory for the recent discussions regarding the race condition in /tmp/.esd. Debian's package is not vulnerable to this, as I disabled support for Unix Domain Sockets in the package in February 2000. Slink is not vulnerable either, the code for UDS was not in 0.2.6, the version in slink. Please post to the necessary lists. -- Brian M. Almeida Linux Systems Engineer | http://www.winstar.com | balmeida@winstar.com Debian Developer | http://www.debian.org | bma@debian.org
---------------------------------------------------------------------------- Debian Security Advisory security@debian.org http://www.debian.org/security/ September 28, 2000 ---------------------------------------------------------------------------- Linux-Mandrake has recently released a Security Advisory (MDKSA-2000:051) covering a race condition in the esound. Debian has had this bug fixed since February 16, 2000. Therefore both the stable and unstable distributions of Debian are not vulnerable to this problem. Debian 2.1 (aka "slink") is also not vulnerable to this problem since the version in 2.1 is esound 0.2.6, which did not use unix domain sockets. More information regarding this bug can be found at: http://bugs.debian.org/cgi-bin/bugreport.cgi?archive=yes&bug=58054 ---------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable updates Mailing list: debian-security-announce@lists.debian.org
Attachment:
pgpbfiT0E8JjX.pgp
Description: PGP signature