COMMAND

    make

SYSTEMS AFFECTED

    SuSE 6.1, 6.3 with make-3.77-44 and earlier

PROBLEM

    Following  ia  based  on  SuSE  Security Announcement.  A security
    hole was discovered in the  package mentioned above.  If  GNU make
    is fed  with Makefiles  via stdin  it creates  temporary files  in
    /tmp without checking  for links.   A malicous user  could execute
    commands with  the privileges  of the  user executing  make.  This
    security hole could lead to  local root compromise if root  passes
    Makefiles to make through stdin.

SOLUTION

    Patches available:

        ftp://ftp.suse.com/pub/suse/axp/update/6.1/d1/make-3.78.1-4.alpha.rpm
        ftp://ftp.suse.com/pub/suse/axp/update/6.3/d1/make-3.78.1-5.alpha.rpm
        ftp://ftp.suse.com/pub/suse/i386/update/6.1/d1/make-3.78.1-3.i386.rpm
        ftp://ftp.suse.com/pub/suse/i386/update/6.2/d1/make-3.78.1-2.i386.rpm
        ftp://ftp.suse.com/pub/suse/i386/update/6.3/d1/make-3.78.1-2.i386.rpm

    This has  been fixed  in version  3.77-5slink.   Debian recommends
    you upgrade your make package immediately.

        http://security.debian.org/dists/stable/updates/source/make_3.77.orig.tar.gz
        http://security.debian.org/dists/stable/updates/source/make_3.77-5slink.diff.gz
        http://security.debian.org/dists/stable/updates/source/make_3.77-5slink.dsc

        http://security.debian.org/dists/stable/updates/binary-alpha/make_3.77-5slink_alpha.deb

        http://security.debian.org/dists/stable/updates/binary-i386/make_3.77-5slink_i386.deb

        http://security.debian.org/dists/stable/updates/binary-m68k/make_3.77-5slink_m68k.deb

        http://security.debian.org/dists/stable/updates/binary-sparc/make_3.77-5slink_sparc.deb

        http://security.debian.org/dists/stable/updates/binary-all/make-doc_3.77-5slink_all.deb