COMMAND

    nedit

SYSTEMS AFFECTED

    nedit

PROBLEM

    The Nirvana Editor, NEdit, is a GUI-style text editor based on
    popular Macintosh and MS Windows editors.  When printing a whole
    text or selected parts of a text, nedit(1) creates a temporary
    file in an insecure manner.

    This behavior could be exploited to gain access to other users'
    privileges, even root.
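
    The pattern behind this problem, as an added example that is not
    NEdit source code and not part of the original advisory: tmpnam(3),
    named under SOLUTION, only returns a file name, and the file is
    opened in a separate step.  The code contrasts that with an
    exclusive create and with mkstemp(3); the function names and the
    "nedit-print-" prefix are hypothetical.

```c
/* Added example, not NEdit source; names and the file prefix are hypothetical. */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L /* declares mkstemp(3) */
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Insecure pattern: the name was chosen earlier (e.g. by tmpnam(3)) and the
 * file is opened in a separate step. fopen("w") accepts a path that already
 * exists, follows symlinks, and truncates whatever it finds there. */
FILE *open_spool_unsafe(const char *name) { return fopen(name, "w"); }

/* Exclusive create: fails with EEXIST if anything, including a symlink,
 * already occupies the name. Mode 0600 keeps other users out. */
int open_spool_excl(const char *name)
{
    return open(name, O_WRONLY | O_CREAT | O_EXCL, 0600);
}

/* Hardened form: mkstemp(3) picks the name and creates the file in a single
 * exclusive step. The directory is ours to choose, so TMPDIR is honoured.
 * Returns an open descriptor and fills path_out, or -1 on error. */
int make_spool_file(char *path_out, size_t len)
{
    const char *dir = getenv("TMPDIR");
    if (dir == NULL || dir[0] != '/')
        dir = "/tmp";
    int n = snprintf(path_out, len, "%s/nedit-print-XXXXXX", dir);
    if (n < 0 || (size_t)n >= len)
        return -1;              /* template did not fit in the buffer */
    return mkstemp(path_out);
}

int main(void)
{
    char path[4096];
    int fd = make_spool_file(path, sizeof path);
    if (fd < 0) { perror("mkstemp"); return 1; }
    /* The name is now taken, as if another user had created it first. */
    if (open_spool_excl(path) == -1 && errno == EEXIST)
        printf("%s: exclusive create refused (EEXIST)\n", path);
    FILE *f = open_spool_unsafe(path);
    printf("fopen(\"w\") on the same name: %s\n", f ? "opened" : "failed");
    if (f) fclose(f);
    close(fd);
    unlink(path);
    return 0;
}
```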

SOLUTION

    There is no workaround possible, because tmpnam(3) ignores the
    TMPDIR environment variable.  Just install the new RPM to fix this
    problem on SuSE:

        ftp://ftp.suse.com/pub/suse/i386/update/7.1/xap2/nedit-5.1.1-151.i386.rpm
        ftp://ftp.suse.com/pub/suse/i386/update/7.1/zq1/nedit-5.1.1-151.src.rpm
        ftp://ftp.suse.com/pub/suse/i386/update/7.0/xap1/nedit-5.1.1-151.i386.rpm
        ftp://ftp.suse.com/pub/suse/i386/update/7.0/zq1/nedit-5.1.1-151.src.rpm
        ftp://ftp.suse.com/pub/suse/i386/update/6.4/xap1/nedit-5.0.2-207.i386.rpm
        ftp://ftp.suse.com/pub/suse/i386/update/6.4/zq1/nedit-5.0.2-207.src.rpm
        ftp://ftp.suse.com/pub/suse/i386/update/6.3/xap1/nedit-5.0.2-208.i386.rpm
        ftp://ftp.suse.com/pub/suse/i386/update/6.3/zq1/nedit-5.0.2-208.src.rpm
        ftp://ftp.suse.com/pub/suse/sparc/update/7.1/xap2/nedit-5.1.1-135.sparc.rpm
        ftp://ftp.suse.com/pub/suse/sparc/update/7.1/zq1/nedit-5.1.1-135.src.rpm
        ftp://ftp.suse.com/pub/suse/sparc/update/7.0/xap1/nedit-5.1.1-134.sparc.rpm
        ftp://ftp.suse.com/pub/suse/sparc/update/7.0/zq1/nedit-5.1.1-134.src.rpm
        ftp://ftp.suse.com/pub/suse/axp/update/6.4/xap1/nedit-5.0.2-207.alpha.rpm
        ftp://ftp.suse.com/pub/suse/axp/update/6.4/zq1/nedit-5.0.2-207.src.rpm
        ftp://ftp.suse.com/pub/suse/axp/update/6.3/xap1/nedit-5.0.2-207.alpha.rpm
        ftp://ftp.suse.com/pub/suse/axp/update/6.3/zq1/nedit-5.0.2-207.src.rpm
        ftp://ftp.suse.com/pub/suse/ppc/update/7.1/xap2/nedit-5.1.1-122.ppc.rpm
        ftp://ftp.suse.com/pub/suse/ppc/update/7.1/zq1/nedit-5.1.1-122.src.rpm
        ftp://ftp.suse.com/pub/suse/ppc/update/7.0/xap1/nedit-5.1.1-122.ppc.rpm
        ftp://ftp.suse.com/pub/suse/ppc/update/7.0/zq1/nedit-5.1.1-122.src.rpm
        ftp://ftp.suse.com/pub/suse/ppc/update/6.4/xap1/nedit-5.0.2-146.ppc.rpm
        ftp://ftp.suse.com/pub/suse/ppc/update/6.4/zq1/nedit-5.0.2-146.src.rpm

    For Debian:

        http://security.debian.org/dists/stable/updates/non-free/source/nedit_5.02-7.1.diff.gz
        http://security.debian.org/dists/stable/updates/non-free/source/nedit_5.02-7.1.dsc
        http://security.debian.org/dists/stable/updates/non-free/source/nedit_5.02.orig.tar.gz
        http://security.debian.org/dists/stable/updates/non-free/binary-alpha/nedit_5.02-7.1_alpha.deb
        http://security.debian.org/dists/stable/updates/non-free/binary-arm/nedit_5.02-7.1_arm.deb
        http://security.debian.org/dists/stable/updates/non-free/binary-i386/nedit_5.02-7.1_i386.deb
        http://security.debian.org/dists/stable/updates/non-free/binary-m68k/nedit_5.02-7.1_m68k.deb
        http://security.debian.org/dists/stable/updates/non-free/binary-powerpc/nedit_5.02-7.1_powerpc.deb
        http://security.debian.org/dists/stable/updates/non-free/binary-sparc/nedit_5.02-7.1_sparc.deb

    For Linux-Mandrake:

        Linux-Mandrake 7.1: 7.1/RPMS/nedit-5.1.1-9.2mdk.i586.rpm
                            7.1/SRPMS/nedit-5.1.1-9.2mdk.src.rpm
        Linux-Mandrake 7.2: 7.2/RPMS/nedit-5.1.1-9.1mdk.i586.rpm
                            7.2/SRPMS/nedit-5.1.1-9.1mdk.src.rpm
        Linux-Mandrake 8.0: 8.0/RPMS/nedit-5.1.1-13.1mdk.i586.rpm
                            8.0/SRPMS/nedit-5.1.1-13.1mdk.src.rpm
    Corporate Server 1.0.1: 1.0.1/RPMS/nedit-5.1.1-9.2mdk.i586.rpm
                            1.0.1/SRPMS/nedit-5.1.1-9.2mdk.src.rpm

    For Progeny:

        wget http://archive.progeny.com/progeny/updates/newton/nedit_5.1.1-1.0progeny1_i386.deb

    For RedHat:

        ftp://updates.redhat.com/5.2/en/powertools/SRPMS/nedit-5.1.1-0.5x.1.src.rpm
        ftp://updates.redhat.com/5.2/en/powertools/alpha/nedit-5.1.1-0.5x.1.alpha.rpm
        ftp://updates.redhat.com/5.2/en/powertools/i386/nedit-5.1.1-0.5x.1.i386.rpm
        ftp://updates.redhat.com/5.2/en/powertools/sparc/nedit-5.1.1-0.5x.1.sparc.rpm
        ftp://updates.redhat.com/6.2/en/powertools/SRPMS/nedit-5.1.1-0.6x.1.src.rpm
        ftp://updates.redhat.com/6.2/en/powertools/alpha/nedit-5.1.1-0.6x.1.alpha.rpm
        ftp://updates.redhat.com/6.2/en/powertools/i386/nedit-5.1.1-0.6x.1.i386.rpm
        ftp://updates.redhat.com/6.2/en/powertools/sparc/nedit-5.1.1-0.6x.1.sparc.rpm
        ftp://updates.redhat.com/7.0/en/powertools/SRPMS/nedit-5.1.1-4.70.1.src.rpm
        ftp://updates.redhat.com/7.0/en/powertools/alpha/nedit-5.1.1-4.70.1.alpha.rpm
        ftp://updates.redhat.com/7.0/en/powertools/i386/nedit-5.1.1-4.70.1.i386.rpm
        ftp://updates.redhat.com/7.1/en/powertools/SRPMS/nedit-5.1.1-6.src.rpm
        ftp://updates.redhat.com/7.1/en/powertools/i386/nedit-5.1.1-6.i386.rpm