- --------------------------------------------------------------------------Debian Security Advisory DSA 927-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
December 27th, 2005                     http://www.debian.org/security/faq
- --------------------------------------------------------------------------Package        : tkdiff
Vulnerability  : insecure temporary file
Problem type   : local
Debian-specific: no
CVE ID         : CVE-2005-3343

Javier Fern�ndez-Sanguino Pe�a from the Debian Security Audit project
discovered that tkdiff, a graphical side by side "diff" utility,
creates temporary files in an insecure fashion.

For the old stable distribution (woody) this problem has been fixed in
version 3.08-3woody0.

For the stable distribution (sarge) this problem has been fixed in
version 4.0.2-1sarge0.

For the unstable distribution (sid) this problem has been fixed in
version 4.0.2-2.

We recommend that you upgrade your tkdiff package.


Upgrade Instructions
- --------------------wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- --------------------------------  Source archives:

          Size/MD5 checksum:      568 f331eee995b5ec3b5346b519c7147ee4
          Size/MD5 checksum:     3685 f00859ddd284e8016728b5a1d00b6fdd
          Size/MD5 checksum:    63171 197e9bee9812a5698889c589efd9b1ee

  Architecture independent components:

          Size/MD5 checksum:    67308 7314490886f96610a31f71bc22513c7f


Debian GNU/Linux 3.1 alias sarge
- --------------------------------  Source archives:

          Size/MD5 checksum:      571 e54f2d9fcd23c386640502fbe119e2b0
          Size/MD5 checksum:     3973 decabcedfbb5b9fc7dfa8a48b661b563
          Size/MD5 checksum:    86258 c52f7d8d87ebe34fbba6b6bdf30f3c60

  Architecture independent components:

          Size/MD5 checksum:    85468 c5fe0c83bfb827e2903a045767f03ded


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp:  dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org

Debian: tkdiff fix insecure temporary file creation DSA-927-1

December 27, 2005
Updated package.

Summary

Severity

Related News

13.Lock StylizedMotherboard Esm H320
1 - 2 min read
Spiral Linux is a Debian-based distribution that offers a range of desktop environments, making it stand out from other Linux distributions. In
32.Lock Code Circular Esm H320
2 - 3 min read
Two critical security vulnerabilities were found in pgAdmin, the open-source administration tool for PostgreSQL . The vulnerabilities assigned
1.Penguin Landscape Esm H320
2 - 3 min read
The recent release of AlmaLinux 9.4 , closely aligned with Red Hat Enterprise Linux (RHEL) 9.4 , presents Linux admins and infosec professionals
11.Locks IsometricPattern Esm H320
2 - 3 min read
The upcoming release of Linux Mint 22 will introduce significant changes, particularly in handling XApp , GNOME applications, and the Software
2.Motherboard Esm H320
2 - 3 min read
German software engineer Lennart Poettering recently presented run0 , a new tool in systemd v256 that aims to address the security concerns
22.Lock ScreenEffect Esm H320
2 - 3 min read
Red Hat recently released its newest enterprise Linux distro, Red Hat Enterprise Linux (RHEL) 9.4 , which introduces several features designed to
8.Locks HexConnections CodeGlobe Esm H320
1 - 2 min read
The latest release of Debian , one of the oldest and most trusted distributions within the Linux ecosystem, redefines security, stability, and
20.Lock AbstractDigital Circular Esm H320
1 - 2 min read
The Ubuntu security team has recently discovered and addressed multiple vulnerabilities in the Apache HTTP Server. The vulnerabilities affected
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved