drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Unsichere Verwendung temporärer Dateien in rpmdevtools
Name: |
Unsichere Verwendung temporärer Dateien in rpmdevtools |
|
ID: |
MDVSA-2013:123 |
|
Distribution: |
Mandriva |
|
Plattformen: |
Mandriva Business Server 1.0 |
|
Datum: |
Mi, 10. April 2013, 17:36 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3500
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0316 |
|
Applikationen: |
rpmdevtools |
|
Originalnachricht |
This is a multi-part message in MIME format...
------------=_1365605833-2161-397
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2013:123 http://www.mandriva.com/en/support/security/ _______________________________________________________________________
Package : rpmdevtools Date : April 10, 2013 Affected: Business Server 1.0 _______________________________________________________________________
Problem Description:
Updated rpmdevtools package fixes security vulnerability: A TOCTOU race condition was found in the way 'annotate-output' (used to execute a program annotating the output linewise with time and stream) tool of rpmdevtools before 8.3 performed management of its temporary files used for standard output and standard error output. A local attacker could use this flaw to conduct symbolic link attacks, possibly leading to their ability in an unauthorized way to alter files belonging to the user running the 'annotate-output' tool (CVE-2012-3500). _______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3500 https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0316 _______________________________________________________________________
Updated Packages:
Mandriva Business Server 1/X86_64: 71b23cbb10bd646ca4ba1f5e772f77a1 mbs1/x86_64/rpmdevtools-8.3-1.mbs1.noarch.rpm fa512beb5677542a86236f63262a9b91 mbs1/SRPMS/rpmdevtools-8.3-1.mbs1.src.rpm _______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/en/support/security/advisories/
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com _______________________________________________________________________
Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux)
iD8DBQFRZVNFmqjQ0CJFipgRAlcCAKCY47at4+lH8jwXSjpo7I4tMyLdjgCeOLzJ x61EqhnMkmg5NOfXU4lsFb4= =ug3y -----END PGP SIGNATURE-----
------------=_1365605833-2161-397 Content-Type: text/plain; charset="UTF-8"; name="message-footer.txt" Content-Disposition: inline; filename="message-footer.txt" Content-Transfer-Encoding: 8bit
To unsubscribe, send a email to sympa@mandrivalinux.org with this subject : unsubscribe security-announce _______________________________________________________ Want to buy your Pack or Services from Mandriva? Go to http://store.mandriva.com _______________________________________________________
------------=_1365605833-2161-397--
|
|
|
|