|
Maurice Massar discovered that, due to a packaging error, the program /usr/bin/KATAXWR was inadvertently installed setuid root. This program was not designed to run setuid, and contained multiple vulnerabilities which could be exploited to gain root privileges.
For the stable distribution (woody) this problem has been fixed in version 1.2-3.1.
The old stable distribution (potato) does not contain a leksbot package.
For the unstable distribution (sid) this problem has been fixed in version 1.2-5.
We recommend that you update your leksbot package.
MD5 checksums of the listed files are available in the original advisory.