Login
Newsletter
Werbung

Sicherheit: Unsichere Verwendung von temporären Dateien in noweb
Aktuelle Meldungen Distributionen
Name: Unsichere Verwendung von temporären Dateien in noweb
ID: 200306-16
Distribution: Gentoo
Plattformen: Keine Angabe
Datum: So, 29. Juni 2003, 13:00
Referenzen: Keine Angabe
Applikationen: noweb

Originalnachricht

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

--------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200306-16
--------------------------------------------------------------------

          PACKAGE : noweb
          SUMMARY : insecure temporary file creations
             DATE : 2003-06-28 20:23 UTC
          EXPLOIT : local
VERSIONS AFFECTED : <noweb-2.9-r3
    FIXED VERSION : >=noweb-2.9-r3
              CVE : CAN-2003-0381

--------------------------------------------------------------------

quote from cve:
"Multiple vulnerabilities in noweb 2.9 and earlier creates temporary
files insecurely, which allows local users to overwrite arbitrary files
via multiple vectors including the noroff script."

SOLUTION

It is recommended that all Gentoo Linux users who are running
app-text/noweb upgrade to noweb-2.9-r3 as follows

emerge sync
emerge noweb
emerge clean

--------------------------------------------------------------------
aliz@gentoo.org - GnuPG key is available at http://cvs.gentoo.org/~aliz
--------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)

iD8DBQE+/flBfT7nyhUpoZMRAsBhAJ9J9rMW/ecxem29uUOs6v3ARwVvpQCeKOjN
rh2kN/TzLR17eFLuzDsPHjc=
=ZAMM
-----END PGP SIGNATURE-----
Pro-Linux
Traut euch!
Neue Nachrichten
Werbung