pilla
Bodhisattva
Joined: 07 Aug 2002
Posts: 7730
Location: Underworld
|
 Posted: Sat Jun 28, 2003 9:25 pm Post subject: [gentoo-security] GLSA: noweb (200306-16) |
 |
|
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- - - ---------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200306-16
- - - ---------------------------------------------------------------------
PACKAGE : noweb
SUMMARY : insecure temporary file creations
DATE : 2003-06-28 20:23 UTC
EXPLOIT : local
VERSIONS AFFECTED : <noweb-2.9-r3
FIXED VERSION : >=noweb-2.9-r3
CVE : CAN-2003-0381
- - - ---------------------------------------------------------------------
quote from cve:
"Multiple vulnerabilities in noweb 2.9 and earlier creates temporary
files insecurely, which allows local users to overwrite arbitrary files
via multiple vectors including the noroff script."
SOLUTION
It is recommended that all Gentoo Linux users who are running
app-text/noweb upgrade to noweb-2.9-r3 as follows
emerge sync
emerge noweb
emerge clean
- - - ---------------------------------------------------------------------
aliz@gentoo.org - GnuPG key is available at http://cvs.gentoo.org/~aliz
- - - ---------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
iD8DBQE+/flBfT7nyhUpoZMRAsBhAJ9J9rMW/ecxem29uUOs6v3ARwVvpQCeKOjN
rh2kN/TzLR17eFLuzDsPHjc=
=ZAMM
-----END PGP SIGNATURE-----
_________________
"I'm just very selective about the reality I choose to accept." -- Calvin |
|
News & Announcements
