drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Unsichere Verwendung temporärer Dateien in noweb
Name: |
Unsichere Verwendung temporärer Dateien in noweb |
|
ID: |
USN-254-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 4.10, Ubuntu 5.04, Ubuntu 5.10 |
|
Datum: |
Di, 21. Februar 2006, 16:51 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3342 |
|
Applikationen: |
noweb |
|
Originalnachricht |
--===============1541924425== Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="9UV9rz0O2dU/yYYn" Content-Disposition: inline
--9UV9rz0O2dU/yYYn Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D Ubuntu Security Notice USN-254-1 February 21, 2006 noweb vulnerability CVE-2005-3342 =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog) Ubuntu 5.04 (Hoary Hedgehog) Ubuntu 5.10 (Breezy Badger)
The following packages are affected:
nowebm
The problem can be corrected by upgrading the affected package to version 2.10c-3ubuntu1.1 (for Ubuntu 4.10), 2.10c-3.1ubuntu5.04.1 (for Ubuntu 5.04), or 2.10c-3.1ubuntu5.10.1 (for Ubuntu 5.10). In general, a standard system upgrade is sufficient to effect the necessary changes.
Details follow:
Javier Fern=E1ndez-Sanguino Pe=F1a discovered that noweb scripts created temporary files in an insecure way. This could allow a symlink attack to create or overwrite arbitrary files with the privileges of the user running noweb.
Updated packages for Ubuntu 4.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/n/noweb/noweb_2.10c-3ubuntu= 1.1.diff.gz Size/MD5: 11262 c97d1934407598134e7da5d53b4c625a http://security.ubuntu.com/ubuntu/pool/main/n/noweb/noweb_2.10c-3ubuntu= 1.1.dsc Size/MD5: 629 a21c779c23311c40353fee565971f7dd http://security.ubuntu.com/ubuntu/pool/main/n/noweb/noweb_2.10c.orig.ta= r.gz Size/MD5: 712332 30bbacf1fb2a402410e5ad2fb600d9fc
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/n/noweb/nowebm_2.10c-3ubunt= u1.1_amd64.deb Size/MD5: 535460 2d35850c7436ec5e1c452098ab8f2f26
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/n/noweb/nowebm_2.10c-3ubunt= u1.1_i386.deb Size/MD5: 518536 7b89ab418e72de19d81aed9d1dc8aefa
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/n/noweb/nowebm_2.10c-3ubunt= u1.1_powerpc.deb Size/MD5: 522740 f5b23a14a7600e91788a6803e1453861
Updated packages for Ubuntu 5.04:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/n/noweb/noweb_2.10c-3.1ubun= tu5.04.1.diff.gz Size/MD5: 11276 d692bce20df8c6e0fb64013daf7bc9e5 http://security.ubuntu.com/ubuntu/pool/main/n/noweb/noweb_2.10c-3.1ubun= tu5.04.1.dsc Size/MD5: 639 6b6781615241f3d07db34b4ed951eab4 http://security.ubuntu.com/ubuntu/pool/main/n/noweb/noweb_2.10c.orig.ta= r.gz Size/MD5: 712332 30bbacf1fb2a402410e5ad2fb600d9fc
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/n/noweb/nowebm_2.10c-3.1ubu= ntu5.04.1_amd64.deb Size/MD5: 535570 7ed60a1bfce4de9db2b6f6ca24f7544d
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/n/noweb/nowebm_2.10c-3.1ubu= ntu5.04.1_i386.deb Size/MD5: 518652 973b9b6459bc21f645725f4c5013500f
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/n/noweb/nowebm_2.10c-3.1ubu= ntu5.04.1_powerpc.deb Size/MD5: 522804 70fd183b24ea9c8d77ca8eb65172924f
Updated packages for Ubuntu 5.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/n/noweb/noweb_2.10c-3.1ubun= tu5.10.1.diff.gz Size/MD5: 11275 8b1c3749cd3fc5f0f5bb0909d1db527c http://security.ubuntu.com/ubuntu/pool/main/n/noweb/noweb_2.10c-3.1ubun= tu5.10.1.dsc Size/MD5: 639 3f37d4a988691727bdc9452e459ccc46 http://security.ubuntu.com/ubuntu/pool/main/n/noweb/noweb_2.10c.orig.ta= r.gz Size/MD5: 712332 30bbacf1fb2a402410e5ad2fb600d9fc
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/n/noweb/nowebm_2.10c-3.1ubu= ntu5.10.1_amd64.deb Size/MD5: 535562 8ce18eceec28b3bb1165156e17d06f10
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/n/noweb/nowebm_2.10c-3.1ubu= ntu5.10.1_i386.deb Size/MD5: 519066 5d22ae6879e674ba5dba97a10957e6c7
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/n/noweb/nowebm_2.10c-3.1ubu= ntu5.10.1_powerpc.deb Size/MD5: 522756 2ea6685d6400fc111cf093f01b7a4b39
--9UV9rz0O2dU/yYYn Content-Type: application/pgp-signature; name="signature.asc" Content-Description: Digital signature Content-Disposition: inline
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.1 (GNU/Linux)
iD8DBQFD+zIkDecnbV4Fd/IRAhRXAKCNUk+GVY/ryOAMlZDOFT5jZdgUcQCfXPoF Z41M5qhZ3t9cwWpHovJvMUs= =yABo -----END PGP SIGNATURE-----
--9UV9rz0O2dU/yYYn--
--===============1541924425== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--===============1541924425==--
|
|
|
|