severity 382411 important
thanks
Stefan Fritsch wrote:
> The vulnerability is caused due to the libXm library allowing users to
> specify a
> file for writing debug output to via the "DEBUG_FILE" environment variable. By
> running a setuid binary linked against a vulnerable libXm library, this can be
> exploited to create world-writable files with the effective user id of the
> binary.
This can be fixed by building lesstif2 with --enable-production.
Cheers,
Moritz
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]