drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Unsichere Verwendung von temporären Dateien in noweb
| Name: |
Unsichere Verwendung von temporären Dateien in noweb
|
|
| ID: |
200306-16 |
|
| Distribution: |
Gentoo |
|
| Plattformen: |
Keine Angabe |
|
| Datum: |
So, 29. Juni 2003, 13:00 |
|
| Referenzen: |
Keine Angabe |
|
| Applikationen: |
noweb |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
--------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200306-16
--------------------------------------------------------------------
PACKAGE : noweb
SUMMARY : insecure temporary file creations
DATE : 2003-06-28 20:23 UTC
EXPLOIT : local
VERSIONS AFFECTED : <noweb-2.9-r3
FIXED VERSION : >=noweb-2.9-r3
CVE : CAN-2003-0381
--------------------------------------------------------------------
quote from cve:
"Multiple vulnerabilities in noweb 2.9 and earlier creates temporary
files insecurely, which allows local users to overwrite arbitrary files
via multiple vectors including the noroff script."
SOLUTION
It is recommended that all Gentoo Linux users who are running
app-text/noweb upgrade to noweb-2.9-r3 as follows
emerge sync
emerge noweb
emerge clean
--------------------------------------------------------------------
aliz@gentoo.org - GnuPG key is available at http://cvs.gentoo.org/~aliz
--------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
iD8DBQE+/flBfT7nyhUpoZMRAsBhAJ9J9rMW/ecxem29uUOs6v3ARwVvpQCeKOjN
rh2kN/TzLR17eFLuzDsPHjc=
=ZAMM
-----END PGP SIGNATURE-----
|
|
|
|
