Debian Security Advisory DSA 968-1 (noweb) Network Vulnerability

Summary

The remote host is missing an update to noweb announced via advisory DSA 968-1. Javier Fernández-Sanguino Peña from the Debian Security Audit project discovered that a script in noweb, a web like literate-programming tool, creates a temporary file in an insecure fashion. For the old stable distribution (woody) this problem has been fixed in version 2.9a-7.4.

Solution

For the stable distribution (sarge) this problem has been fixed in version 2.10c-3.2. For the unstable distribution (sid) this problem has been fixed in version 2.10c-3.2. We recommend that you upgrade your nowebm package. https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20968-1

Severity

Classification

CVE CVE-2005-3342

CVSS	Base Score: 1.2 AV:L/AC:H/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Debian Security Advisory DSA 1531-2 (policyd-weight)
Debian Security Advisory DSA 140-1 (libpng2, libpng3)
Debian Security Advisory DSA 198-1 (nullmailer)
Debian Security Advisory DSA 1003-1 (xpvm)
Debian Security Advisory DSA 2309-1 (openssl)

Take action and discover your vulnerabilities