drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Unsichere Verwendung von temporären Dateien in noweb
Name: |
Unsichere Verwendung von temporären Dateien in noweb
|
|
ID: |
200306-16 |
|
Distribution: |
Gentoo |
|
Plattformen: |
Keine Angabe |
|
Datum: |
So, 29. Juni 2003, 13:00 |
|
Referenzen: |
Keine Angabe |
|
Applikationen: |
noweb |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
-------------------------------------------------------------------- GENTOO LINUX SECURITY ANNOUNCEMENT 200306-16 --------------------------------------------------------------------
PACKAGE : noweb SUMMARY : insecure temporary file creations DATE : 2003-06-28 20:23 UTC EXPLOIT : local VERSIONS AFFECTED : <noweb-2.9-r3 FIXED VERSION : >=noweb-2.9-r3 CVE : CAN-2003-0381
--------------------------------------------------------------------
quote from cve: "Multiple vulnerabilities in noweb 2.9 and earlier creates temporary files insecurely, which allows local users to overwrite arbitrary files via multiple vectors including the noroff script."
SOLUTION
It is recommended that all Gentoo Linux users who are running app-text/noweb upgrade to noweb-2.9-r3 as follows
emerge sync emerge noweb emerge clean
-------------------------------------------------------------------- aliz@gentoo.org - GnuPG key is available at http://cvs.gentoo.org/~aliz -------------------------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (GNU/Linux)
iD8DBQE+/flBfT7nyhUpoZMRAsBhAJ9J9rMW/ecxem29uUOs6v3ARwVvpQCeKOjN rh2kN/TzLR17eFLuzDsPHjc= =ZAMM -----END PGP SIGNATURE-----
|
|
|
|