Attached is a Debian Security Advisory for the recent discussions regarding the race condition in /tmp/.esd. Debian's package is not vulnerable to this, as I disabled support for Unix Domain Sockets in the package in February 2000. Slink is not vulnerable either, the code for UDS was not in 0.2.6, the version in slink.
Please post to the necessary lists. -- Brian M. Almeida Linux Systems Engineer | http://www.winstar.com | [EMAIL PROTECTED] Debian Developer | http://www.debian.org | [EMAIL PROTECTED]
---------------------------------------------------------------------------- Debian Security Advisory [EMAIL PROTECTED] http://www.debian.org/security/ September 28, 2000 ---------------------------------------------------------------------------- Linux-Mandrake has recently released a Security Advisory (MDKSA-2000:051) covering a race condition in the esound. Debian has had this bug fixed since February 16, 2000. Therefore both the stable and unstable distributions of Debian are not vulnerable to this problem. Debian 2.1 (aka "slink") is also not vulnerable to this problem since the version in 2.1 is esound 0.2.6, which did not use unix domain sockets. More information regarding this bug can be found at: http://bugs.debian.org/cgi-bin/bugreport.cgi?archive=yes&bug=58054 ---------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable updates Mailing list: [email protected]
pgpohquoZutZp.pgp
Description: PGP signature
