Summary: | <app-text/gv-3.7.1: Symlink attack (CVE-2010-2056) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Samuli Suominen (RETIRED) <ssuominen> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | ||
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | B3 [glsa] | ||
Package list: | Runtime testing required: | --- |
Description
Samuli Suominen (RETIRED)
2010-07-20 14:53:44 UTC
Tested on x86. Good to go. stable x86, thanks Thomas amd64/ppc64 done CVE-2010-2056 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2056): GNU gv before 3.7.0 allows local users to overwrite arbitrary files via a symlink attack on a temporary file. Hijacking the bug... Arches, please go on with stabilizing the package. Marked ppc stable. alpha/sparc stable Stable for HPPA. all arch's done & vuln. version removed Vote: YES. GLSA Vote: Yes too, request filed. No vulnerable version in tree anymore. Nothing left to do for printing. This issue was resolved and addressed in GLSA 201412-08 at http://security.gentoo.org/glsa/glsa-201412-08.xml by GLSA coordinator Sean Amoss (ackle). |