Package name
xfig
Date
2009-12-28
Advisory ID
MDVSA-2009:244-1
Affected versions
2008.0 i586 , 2008.0 x86_64

Problem description

A vulnerability was discovered and corrected in xfig:

Xfig in Debian GNU/Linux, possibly 3.2.5, allows local users to
read and write arbitrary files via a symlink attack on the (1)
xfig-eps[PID], (2) xfig-pic[PID].pix, (3) xfig-pic[PID].err,
(4) xfig-pcx[PID].pix, (5) xfig-xfigrc[PID], (6) xfig[PID], (7)
xfig-print[PID], (8) xfig-export[PID].err, (9) xfig-batch[PID], (10)
xfig-exp[PID], or (11) xfig-spell.[PID] temporary files, where [PID]
is a process ID (CVE-2009-1962).

This update provides a solution to this vulnerability.

Update:

Packages for 2008.0 are provided for Corporate Desktop 2008.0
customers.

Updated packages

2008.0 i586

 00e6501e1bc05e766f332e1bb29cf55b  2008.0/i586/xfig-3.2.5-0.11.1mdv2008.0.i586.rpm 
 e85a089de6bc5f900bcefa5cbcd8e05f  2008.0/SRPMS/xfig-3.2.5-0.11.1mdv2008.0.src.rpm

2008.0 x86_64

 209baf1554427a44fae5537764d7e39f  2008.0/x86_64/xfig-3.2.5-0.11.1mdv2008.0.x86_64.rpm 
 e85a089de6bc5f900bcefa5cbcd8e05f  2008.0/SRPMS/xfig-3.2.5-0.11.1mdv2008.0.src.rpm

References