Problem description: Trustix Security Engineers identified that all these packages had one or more script(s) that handled temporary files in an insecure manner. While it is not believed that any of these holes could lead to privilege escalation, it would be possible to trick the scripts into overwriting data writable by the user that invokes the script. These problems can only be exploited by local users, and they would have to wait for someone else, preferably root, to run the vulnerable scripts.
Created attachment 41098: kerberos5-1.3.4-tempfile.patch (Trustix patch to fix insecure tempfile handling)
aliz/rphillips, please verify and apply patch if necessary.
Reference: http://www.securityfocus.com/advisories/7263
The patch applies cleanly to 1.3.4 and 1.3.5. 1.3.4-r1 needs to be tested on all arches, but 1.3.5-r1 has been created also and should remain unstable.
archs, please mark mit-krb5-1.3.4-r1 stable.
stable on ppc
Stable on alpha.
Stable on sparc.
stable on amd64.
Stable on mips.
Stable on ia64.
stable on ppc64
GLSA blocked by missing x86 keyword... Could maintainer or x86 arch test and mark stable?
Done on hppa.
klieber marked stable on x86. arm and s390 should mark stable to benefit from GLSA.
GLSA 200410-24