From ${URL} : Steve Kemp discovered the _rl_tropen() function in readline, a set of libraries to handle command lines, insecurely handled a temporary file. This could allow a local attacker to perform symbolic link attacks. As noted in the CVE request, _rl_tropen() is typically only called during debugging. CVE request: http://seclists.org/oss-sec/2014/q1/579 @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for stabilization or not.
Created attachment 381760: readline-6.3-CVE-2014-2524.patch
CVE-2014-2524 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2524): The _rl_tropen function in util.c in GNU readline before 6.3 patch 3 allows local users to create or overwrite arbitrary files via a symlink attack on a /var/tmp/rltrace.[PID] file.
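The CVE text above describes the classic predictable-temporary-file bug: the trace file name /var/tmp/rltrace.[PID] can be guessed, and an open that follows symlinks will happily truncate whatever a planted link points to. The following C program is an added example, not readline's util.c and not the attached patch; it reconstructs the insecure pattern next to a hardened opener and runs a self-contained symlink attack against both in a private directory. The helper names, the "victim" file and the use of a caller-supplied directory instead of /var/tmp are assumptions made for the demo.

```c
#define _GNU_SOURCE 1          /* glibc: mkdtemp(), symlink(), O_NOFOLLOW */
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

#ifndef O_NOFOLLOW
#define O_NOFOLLOW 0           /* O_CREAT|O_EXCL alone already refuses a symlink */
#endif

/* Predictable trace-file path <dir>/rltrace.<pid>; the real code uses /var/tmp,
 * a caller-supplied dir keeps this demo self-contained (assumption). */
static void trace_path(char *buf, size_t len, const char *dir, pid_t pid)
{
    snprintf(buf, len, "%s/rltrace.%ld", dir, (long)pid);
}

/* Insecure pattern (hypothetical reconstruction of the bug, not readline's code):
 * fopen(..., "w") follows a symlink sitting at the guessable name and truncates
 * whatever it points to, with the victim process's privileges. */
int rltrace_open_insecure(const char *dir, pid_t pid)
{
    char path[PATH_MAX];
    trace_path(path, sizeof path, dir, pid);
    FILE *fp = fopen(path, "w");
    if (!fp)
        return -1;
    fputs("readline trace\n", fp);
    fclose(fp);
    return 0;
}

/* Hardened pattern: O_CREAT|O_EXCL fails with EEXIST when anything (regular
 * file or symlink) already exists at the path, so a planted link is never
 * followed. O_NOFOLLOW is defence in depth; mode 0600 keeps the trace private. */
int rltrace_open_secure(const char *dir, pid_t pid)
{
    char path[PATH_MAX];
    trace_path(path, sizeof path, dir, pid);
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    if (fd < 0)
        return -1;              /* errno == EEXIST when a link was planted */
    if (write(fd, "readline trace\n", 15) < 0) { close(fd); return -1; }
    close(fd);
    return 0;
}

/* Simulate the local attack with constructed data in a fresh temp directory:
 * a "victim" file with known contents, optionally a symlink planted by the
 * attacker at the predictable trace name, then the opener under test.
 * Returns 1 if the victim was clobbered, 2 if the opener refused and the
 * victim is intact, 0 if the opener succeeded without touching the victim,
 * -1 on setup failure. */
int simulate_symlink_attack(int use_secure, int plant_link)
{
    char dir[] = "/tmp/rltrace-demo.XXXXXX";
    if (!mkdtemp(dir))
        return -1;
    char victim[PATH_MAX], link[PATH_MAX], content[64] = "";
    snprintf(victim, sizeof victim, "%s/victim", dir);
    trace_path(link, sizeof link, dir, getpid());

    FILE *v = fopen(victim, "w");
    if (!v) return -1;
    fputs("original secret\n", v);
    fclose(v);
    if (plant_link && symlink(victim, link) != 0)   /* attacker wins the race */
        return -1;

    int rc = use_secure ? rltrace_open_secure(dir, getpid())
                        : rltrace_open_insecure(dir, getpid());

    v = fopen(victim, "r");
    if (!v) return -1;
    if (!fgets(content, sizeof content, v)) content[0] = '\0';
    fclose(v);
    unlink(link); unlink(victim); rmdir(dir);

    if (strcmp(content, "original secret\n") != 0) return 1;
    return rc == 0 ? 0 : 2;
}

int main(void)
{
    printf("insecure opener, link planted: %d\n", simulate_symlink_attack(0, 1));
    printf("secure opener, link planted:   %d\n", simulate_symlink_attack(1, 1));
    printf("secure opener, clean dir:      %d\n", simulate_symlink_attack(1, 0));
    return 0;
}
```

The point worth taking from the hardened opener is that O_EXCL, not O_NOFOLLOW, is what defeats the planted link: with O_CREAT|O_EXCL the kernel refuses any pre-existing name, including a dangling or redirected symlink, so the attacker gets at most a denial of service on the debug trace rather than a write to a file of their choosing. A mkstemp()-style random name in a mode-0700 directory would remove even that, but the upstream fix described in the thread only has to stop the overwrite.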
As per the Red Hat Bugzilla, this is fixed in 6.3 Patch 3. We have 6.3_p8-r1 in tree but not stable. Maintainers please advise if you want to stabilize or call for stabilization yourself.
January 15 - 6.3_p8-r2 has been uploaded. If that fixes this bug please advise if ready for stabilization.
@base-system, please cleanup all vulnerable versions in the tree.
(In reply to Aaron Bauman from comment #5) > @base-system, please cleanup all vulnerable versions in the tree. @maintainer(s), can this be cleaned?
Vote for GLSA = No. Thank you all for your work. Maintainers please clean up vulnerable versions.
Maintainer(s), please drop the vulnerable version(s).
Tree is clean.