COMMAND

    Window Maker

SYSTEMS AFFECTED

    Window Maker

PROBLEM

    Alban Hertroys found a buffer overflow in Window Maker (a popular
    window manager for X). The code that handles titles in the
    window list menu did not check the length of the title when
    copying it to a buffer. Since applications will set the title
    using untrusted data (for example web browsers will set the title
    of their window to the title of the web-page being shown) this
    could be exploited remotely.
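
    The unchecked-copy pattern described above next to a bounded
    replacement, as an added illustration in C. This is not Window
    Maker's code or the actual patch; the function names, the 64-byte
    buffer size and the sample title are assumptions.

```c
#include <stdio.h>
#include <string.h>

#define MENU_LABEL_MAX 64 /* assumed buffer size, not Window Maker's value */

/* Vulnerable pattern (hypothetical): the title length is never checked, so a
 * title of MENU_LABEL_MAX bytes or more is written past the end of label. */
void menu_label_unchecked(char *label, const char *title)
{
    strcpy(label, title);
}

/* Bounded form (hypothetical): writes at most dstsz bytes including the NUL
 * and marks a cut title with "...". Returns 0 if the title fit, 1 if it was
 * truncated, -1 on unusable arguments. */
int menu_label_bounded(char *dst, size_t dstsz, const char *title)
{
    size_t len;

    if (dst == NULL || dstsz == 0)
        return -1;
    if (title == NULL)
        title = "";
    len = strlen(title);
    if (len < dstsz) {
        memcpy(dst, title, len + 1);       /* fits, NUL included */
        return 0;
    }
    if (dstsz >= 4) {
        memcpy(dst, title, dstsz - 4);
        memcpy(dst + dstsz - 4, "...", 4); /* three dots plus NUL */
    } else {
        memcpy(dst, title, dstsz - 1);
        dst[dstsz - 1] = '\0';
    }
    return 1;
}

int main(void)
{
    char title[301], label[MENU_LABEL_MAX];
    int cut;

    memset(title, 'A', 300);  /* constructed stand-in for a long page title */
    title[300] = '\0';
    cut = menu_label_bounded(label, sizeof label, title);
    printf("truncated=%d stored=%zu bytes: %s\n", cut, strlen(label), label);
    return 0;
}
```

    Truncation here is byte-based, so a multibyte title can be cut in
    the middle of a character; a caller that displays such titles
    would back up to a character boundary first.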

SOLUTION

    This has been fixed in version 0.61.1-4.1 of the Debian package,
    and upstream version 0.65.1:

        http://security.debian.org/dists/stable/updates/main/source/wmaker_0.61.1-4.1.diff.gz
        http://security.debian.org/dists/stable/updates/main/source/wmaker_0.61.1-4.1.dsc
        http://security.debian.org/dists/stable/updates/main/source/wmaker_0.61.1.orig.tar.gz
        http://security.debian.org/dists/stable/updates/main/binary-alpha/libdockapp-dev_0.61.1-4.1_alpha.deb
        http://security.debian.org/dists/stable/updates/main/binary-alpha/libwings-dev_0.61.1-4.1_alpha.deb
        http://security.debian.org/dists/stable/updates/main/binary-alpha/libwmaker0-dev_0.61.1-4.1_alpha.deb
        http://security.debian.org/dists/stable/updates/main/binary-alpha/libwraster1-dev_0.61.1-4.1_alpha.deb
        http://security.debian.org/dists/stable/updates/main/binary-alpha/libwraster1_0.61.1-4.1_alpha.deb
        http://security.debian.org/dists/stable/updates/main/binary-alpha/wmaker_0.61.1-4.1_alpha.deb
        http://security.debian.org/dists/stable/updates/main/binary-arm/libdockapp-dev_0.61.1-4.1_arm.deb
        http://security.debian.org/dists/stable/updates/main/binary-arm/libwings-dev_0.61.1-4.1_arm.deb
        http://security.debian.org/dists/stable/updates/main/binary-arm/libwmaker0-dev_0.61.1-4.1_arm.deb
        http://security.debian.org/dists/stable/updates/main/binary-arm/libwraster1-dev_0.61.1-4.1_arm.deb
        http://security.debian.org/dists/stable/updates/main/binary-arm/libwraster1_0.61.1-4.1_arm.deb
        http://security.debian.org/dists/stable/updates/main/binary-arm/wmaker_0.61.1-4.1_arm.deb
        http://security.debian.org/dists/stable/updates/main/binary-i386/libdockapp-dev_0.61.1-4.1_i386.deb
        http://security.debian.org/dists/stable/updates/main/binary-i386/libwings-dev_0.61.1-4.1_i386.deb
        http://security.debian.org/dists/stable/updates/main/binary-i386/libwmaker0-dev_0.61.1-4.1_i386.deb
        http://security.debian.org/dists/stable/updates/main/binary-i386/libwraster1-dev_0.61.1-4.1_i386.deb
        http://security.debian.org/dists/stable/updates/main/binary-i386/libwraster1_0.61.1-4.1_i386.deb
        http://security.debian.org/dists/stable/updates/main/binary-i386/wmaker_0.61.1-4.1_i386.deb
        http://security.debian.org/dists/stable/updates/main/binary-m68k/libdockapp-dev_0.61.1-4.1_m68k.deb
        http://security.debian.org/dists/stable/updates/main/binary-m68k/libwings-dev_0.61.1-4.1_m68k.deb
        http://security.debian.org/dists/stable/updates/main/binary-m68k/libwmaker0-dev_0.61.1-4.1_m68k.deb
        http://security.debian.org/dists/stable/updates/main/binary-m68k/libwraster1-dev_0.61.1-4.1_m68k.deb
        http://security.debian.org/dists/stable/updates/main/binary-m68k/libwraster1_0.61.1-4.1_m68k.deb
        http://security.debian.org/dists/stable/updates/main/binary-m68k/wmaker_0.61.1-4.1_m68k.deb
        http://security.debian.org/dists/stable/updates/main/binary-powerpc/libdockapp-dev_0.61.1-4.1_powerpc.deb
        http://security.debian.org/dists/stable/updates/main/binary-powerpc/libwings-dev_0.61.1-4.1_powerpc.deb
        http://security.debian.org/dists/stable/updates/main/binary-powerpc/libwmaker0-dev_0.61.1-4.1_powerpc.deb
        http://security.debian.org/dists/stable/updates/main/binary-powerpc/libwraster1-dev_0.61.1-4.1_powerpc.deb
        http://security.debian.org/dists/stable/updates/main/binary-powerpc/libwraster1_0.61.1-4.1_powerpc.deb
        http://security.debian.org/dists/stable/updates/main/binary-powerpc/wmaker_0.61.1-4.1_powerpc.deb
        http://security.debian.org/dists/stable/updates/main/binary-sparc/libdockapp-dev_0.61.1-4.1_sparc.deb
        http://security.debian.org/dists/stable/updates/main/binary-sparc/libwings-dev_0.61.1-4.1_sparc.deb
        http://security.debian.org/dists/stable/updates/main/binary-sparc/libwmaker0-dev_0.61.1-4.1_sparc.deb
        http://security.debian.org/dists/stable/updates/main/binary-sparc/libwraster1-dev_0.61.1-4.1_sparc.deb
        http://security.debian.org/dists/stable/updates/main/binary-sparc/libwraster1_0.61.1-4.1_sparc.deb
        http://security.debian.org/dists/stable/updates/main/binary-sparc/wmaker_0.61.1-4.1_sparc.deb

    For Conectiva Linux:

        ftp://atualizacoes.conectiva.com.br/4.0/SRPMS/WindowMaker-0.60.0-8U40_1cl.src.rpm
        ftp://atualizacoes.conectiva.com.br/4.0/i386/WindowMaker-0.60.0-8U40_1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/4.0es/SRPMS/WindowMaker-0.60.0-8U40_1cl.src.rpm
        ftp://atualizacoes.conectiva.com.br/4.0es/i386/WindowMaker-0.60.0-8U40_1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/4.1/./4.1/i386/WindowMaker-0.60.0-10U41_1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/4.1/./4.1/SRPMS/WindowMaker-0.60.0-10U41_1cl.src.rpm
        ftp://atualizacoes.conectiva.com.br/4.2/SRPMS/WindowMaker-0.61.1-3U42_1cl.src.rpm
        ftp://atualizacoes.conectiva.com.br/4.2/i386/WindowMaker-0.61.1-3U42_1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/5.0/SRPMS/WindowMaker-0.61.1-7U50_1cl.src.rpm
        ftp://atualizacoes.conectiva.com.br/5.0/i386/WindowMaker-0.61.1-7U50_1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/5.1/SRPMS/WindowMaker-0.62.1-6U_51_1cl.src.rpm
        ftp://atualizacoes.conectiva.com.br/5.1/i386/WindowMaker-0.62.1-6U_51_1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/5.1/i386/WindowMaker-devel-0.62.1-6U_51_1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/6.0/SRPMS/WindowMaker-0.62.1-13U60_1cl.src.rpm
        ftp://atualizacoes.conectiva.com.br/6.0/RPMS/WindowMaker-0.62.1-13U60_1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/6.0/RPMS/WindowMaker-devel-0.62.1-13U60_1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/7.0/SRPMS/WindowMaker-0.65.1-2U70_1cl.src.rpm
        ftp://atualizacoes.conectiva.com.br/7.0/RPMS/WindowMaker-0.65.1-2U70_1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/7.0/RPMS/WindowMaker-doc-0.65.1-2U70_1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/7.0/RPMS/WindowMaker-devel-static-0.65.1-2U70_1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/7.0/RPMS/WindowMaker-devel-0.65.1-2U70_1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/SRPMS/WindowMaker-0.61.1-7U50_1cl.src.rpm
        ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/i386/WindowMaker-0.61.1-7U50_1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/SRPMS/WindowMaker-0.61.1-7U50_1cl.src.rpm
        ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/i386/WindowMaker-0.61.1-7U50_1cl.i386.rpm