drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Unsichere Verwendung von temporären Dateien in gzip
Name: |
Unsichere Verwendung von temporären Dateien in gzip
|
|
ID: |
200306-05 |
|
Distribution: |
Gentoo |
|
Plattformen: |
Keine Angabe |
|
Datum: |
So, 15. Juni 2003, 13:00 |
|
Referenzen: |
Keine Angabe |
|
Applikationen: |
gzip |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
-------------------------------------------------------------------- GENTOO LINUX SECURITY ANNOUNCEMENT 200306-05 --------------------------------------------------------------------
PACKAGE : gzip SUMMARY : insecure temporary files DATE : 2003-06-14 16:40 UTC EXPLOIT : local VERSIONS AFFECTED : <gzip-1.3.3-r2 FIXED VERSION : >=gzip-1.3.3-r2 CVE : CVE-1999-1332 CAN-2003-0367
--------------------------------------------------------------------
znew and gzexe in the gzip package allows local users to overwrite arbitrary files via a symlink attack on temporary files.
SOLUTION
It is recommended that all Gentoo Linux users who are running sys-apps/gzip upgrade to gzip-1.3.3-r2 as follows
emerge sync emerge gzip emerge clean
-------------------------------------------------------------------- aliz@gentoo.org - GnuPG key is available at http://cvs.gentoo.org/~aliz -------------------------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (GNU/Linux)
iD8DBQE+61AHfT7nyhUpoZMRAo0MAJ9OhzpYzwwQnGWVpjq+qNw4XS7wmwCfdLx9 TMRO/OEA1h7hpPUNRGXUPys= =J+QB -----END PGP SIGNATURE-----
|
|
|
|