Login
Newsletter
Werbung
Sicherheit: Unsichere Verwendung temporärer Dateien in gettext
Aktuelle Meldungen Distributionen
Name: Unsichere Verwendung temporärer Dateien in gettext
ID: USN-5-1
Distribution: Ubuntu
Plattformen: Ubuntu 4.10
Datum: Mi, 3. November 2004, 12:00
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0966
Applikationen: gettext

Originalnachricht

 
===========================================================
Ubuntu Security Notice USN-5-1             October 27, 2004
gettext vulnerabilities
CAN-2004-0966
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:

gettext

The problem can be corrected by upgrading the affected package to
version 0.14.1-2ubuntu0.1. In general, a standard system upgrade is
sufficient to effect the necessary changes.

Details follow:

Recently, Trustix Secure Linux discovered some vulnerabilities in the
gettext package. The programs "autopoint" and "gettextize"
 created
temporary files in an insecure way, which allowed a symlink attack to
create or overwrite arbitrary files with the privileges of the user
invoking the program.

  Source archives:

    gettext_0.14.1-2ubuntu0.1.diff.gz
      Size/MD5:    82347 e172d137c397dc88ca545acebd40b423
    gettext_0.14.1-2ubuntu0.1.dsc
      Size/MD5:      789 d273a3e94446d89f603d16ed9587d00b
    gettext_0.14.1.orig.tar.gz
      Size/MD5:  6550874 78f4b862510beb2e5d43223dd610e77d

  Architecture independent packages:

    gettext-doc_0.14.1-2ubuntu0.1_all.deb
      Size/MD5:   638924 610bd9c00f7971f9d359f7a3902db2e4
    gettext-el_0.14.1-2ubuntu0.1_all.deb
      Size/MD5:    45340 cf1fc64a65b38622fdbd29e63b538b69

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    gettext-base_0.14.1-2ubuntu0.1_amd64.deb
      Size/MD5:    92890 581e614d3c390a0b0c4b52752e03cf75
    gettext_0.14.1-2ubuntu0.1_amd64.deb
      Size/MD5:  1576278 a3240029c897fcfac68be7eda1f638bb

  i386 architecture (x86 compatible Intel/AMD)

    gettext-base_0.14.1-2ubuntu0.1_i386.deb
      Size/MD5:    91066 df2857a4dd7be300743c4e8ec7990997
    gettext_0.14.1-2ubuntu0.1_i386.deb
      Size/MD5:  1549186 d16f720d7ef6e031afab70263394c70a

  powerpc architecture (Apple Macintosh G3/G4/G5)

    gettext-base_0.14.1-2ubuntu0.1_powerpc.deb
      Size/MD5:    94174 9f849ed93f64d80fe669603b581b9df3
    gettext_0.14.1-2ubuntu0.1_powerpc.deb
      Size/MD5:  1590102 cba3d457ded8697c018b3e3ac6853f94
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten

141
Mach­t's gut!

51
Neue Raspber­ry Pi-Va­ri­an­te mit 8 GB RAM

0
Genode 20.05 frei­ge­ge­ben

9
Sub­ver­si­on 1.14.0-LTS vor­ge­stellt

0
»Hum­ble Ci­ties: Sky­lines Bund­le« vor­ge­stellt

0
End of Life für Co­reOS Con­tai­ner Linux ver­kün­det

32
Elek­tra 0.9.2 er­schie­nen

8
Nex­tDNS ver­lässt die Be­ta-Pha­se

23
Tu­xe­do stellt Ga­mer-Note­book vor

0
Libre Gra­phics Mee­ting be­ginnt als On­li­ne-Va­ri­an­te
 
Werbung