Debian Security Advisory

DSA-1329-1 gfax -- insecure temporary files

Date Reported:
05 Jul 2007
Affected Packages:
Security database references:
In Mitre's CVE dictionary: CVE-2007-2839.
More information:

Steve Kemp from the Debian Security Audit project discovered that gfax, a GNOME frontend for fax programs, uses temporary files in an unsafe manner which may be exploited to execute arbitrary commands with the privileges of the root user.

For the old stable distribution (sarge) this problem has been fixed in version 0.4.2-11sarge1.

The stable distribution (etch) is not affected by this problem.

The unstable distribution (sid) is not affected by this problem.

We recommend that you upgrade your gfax package.

Fixed in:

Debian GNU/Linux 3.1 alias sarge

alpha architecture (DEC Alpha)
amd64 architecture (AMD x86_64 (AMD64))
arm architecture (ARM)
i386 architecture (Intel ia32)
ia64 architecture (Intel ia64)
m68k architecture (Motorola Mc680x0)
s390 architecture (IBM S/390)
sparc architecture (Sun SPARC/UltraSPARC)

MD5 checksums of the listed files are available in the original advisory.