Gentoo Bug 87939 - app-arch/sharutils: Insecure tempfile creation

First Last Prev Next No search results available Search page Enter new bug

Bug#:	87939
Alias:
Product:
Component:
Status:	RESOLVED
Resolution:	FIXED
Assigned To:	Gentoo Security <security@gentoo.org>

Hardware:
OS:
Version:
Priority:
Severity:

Reporter:	Luke Macken (RETIRED) <lewk@gentoo.org>
Add CC:
CC:

URL:
Summary:
Status Whiteboard:
Keywords:

Flags:			Requestee:
	Pending
	Approved
	Assigned_To		()

Filename	Description	Type	Creator	Created	Size	Actions
Create a New Attachment (proposed patch, testcase, etc.)						View All

Bug 87939 depends on:			Show dependency tree
Bug 87939 blocks:			Show dependency tree

Additional Comments: (this is where you put emerge --info)

Add to CC list

Not eligible to see or edit group visibility for this bug.

Leave as RESOLVED FIXED
Reopen bug
Mark bug as VERIFIED
Mark bug as CLOSED

View Bug Activity | Format For Printing | XML | Clone This Bug

Description:

Opened: 2005-04-04 11:33 0000

Details follow:

Joey Hess discovered that "unshar" created temporary files in an
insecure manner. This could allow a symbolic link attack to create or
overwrite arbitrary files with the privileges of the user invoking the
program.

------- Comment #1 From Luke Macken (RETIRED) 2005-04-04 11:35:44 0000 -------

Debian/ubuntu patch:

http://security.ubuntu.com/ubuntu/pool/main/s/sharutils/sharutils_4.2.1-10ubuntu0.2.diff.gz

------- Comment #2 From SpanKY 2005-04-04 20:49:15 0000 -------

4.2.1-r11 now in portage with the relevant parts of the ubuntu patch

------- Comment #3 From Thierry Carrez (RETIRED) 2005-04-05 00:40:04 0000 -------

Arches, please test and mark stable 4.2.1-r11

------- Comment #4 From Markus Rothe 2005-04-05 07:40:56 0000 -------

stable on ppc64

------- Comment #5 From Olivier Crete 2005-04-05 07:58:56 0000 -------

x86 done

------- Comment #6 From Michael Hanselmann (hansmi) (RETIRED) 2005-04-05 08:04:53 0000 -------

Stable on ppc.

------- Comment #7 From Gustavo Zacarias (RETIRED) 2005-04-05 08:20:47 0000 -------

sparc stable.

------- Comment #8 From Hardave Riar (RETIRED) 2005-04-05 10:17:21 0000 -------

Stable on mips.

------- Comment #9 From Bryan Østergaard (RETIRED) 2005-04-06 01:36:40 0000 -------

Stable on alpha.

------- Comment #10 From Jan Brinkmann (RETIRED) 2005-04-06 12:34:56 0000 -------

  05 Apr 2005; Jan Brinkmann <luckyduck@gentoo.org>
  sharutils-4.2.1-r11.ebuild:
  Stable on amd64, bug #87939.

------- Comment #11 From René Nussbaumer 2005-04-06 13:56:36 0000 -------

hansmi has marked this package stable.

------- Comment #12 From Luke Macken (RETIRED) 2005-04-06 15:16:59 0000 -------

GLSA 200504-06

arm/ia64/s390, please mark stable to benefit from GLSA.

First Last Prev Next No search results available Search page Enter new bug

Bugzilla Bug 87939

app-arch/sharutils: Insecure tempfile creation

Last modified: 2005-04-06 16:10:31 0000