I believe this bug is fixed by two patches that can be found at: http://uw-dig.uwaterloo.ca/~hy3chan/patches/openmosixview/1.5/ (patches 20-logdirectory.diff and 50-nonodestmp.diff). I think that they should apply cleanly without the other patches -- probably at worst with some fuzz. I'm trying to confirm with the people who originally reported the vulnerability to check that the patches do indeed fix the issues that they reported, but I'm pretty sure they do.
The patches found there (except for 99debian.diff) have already been accepted by upstream for inclusion in the next release of openMosixView.
20-logdirectory.diff may break other software that depends on a predictable location for the openMosixViewCollector logs (such as openMosixWebView, not included in Debian, and I think that openMosixWebView has been changed to check both locations). But I don't think there's any other way around it -- besides, upstream is already going to implement the change in the next release.
For reference, my mail to Rexotec (the original reporters) and the openMosixView mailing list can be found at: http://sourceforge.net/mailarchive/message.php?msg_id=11330106
-- Hubert Chan <[EMAIL PROTECTED]> - http://www.uhoreg.ca/ PGP/GnuPG key: 1024D/124B61FA Fingerprint: 96C5 012F 5F74 A5F7 1FF7 5291 AF29 C719 124B 61FA Key available at wwwkeys.pgp.net. Encrypted e-mail preferred.
-- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
