| Summary: | <net-analyzer/fail2ban-0.8.4-r3: Insecure temp file usage (CVE-2009-5023) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Tim Sammut (RETIRED) <underling> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | minor | CC: | alexanderyt, hwoarang, netmon |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=544232 | | |
| Whiteboard: | B3 [glsa] | | |
| Package list: | | Runtime testing required: | --- |
| Bug Depends on: | 392481 | | |
| Bug Blocks: | | | |

Description
Tim Sammut (RETIRED)
2011-04-26 03:35:09 UTC
The target files remain the same, however the location has changed

http://fail2ban.svn.sourceforge.net/viewvc/fail2ban/branches/FAIL2BAN-0_8/config/action.d/mail-buffered.conf?r1=701&r2=767

/var/run/* is not writable by users, so *in theory* it can't be exploited by local or remote attackers. If there are no objections, I will create a snapshot for this one

(In reply to comment #1)
> If there are no objections, I will create a snapshot for this one

No objections here. Thank you.

fail2ban-0.8.4-r3 is now on tree with the patch from the svn repository.

(In reply to comment #3)
> fail2ban-0.8.4-r3 is now on tree with the patch from the svn repository.

Great, thank you.

Arches, please test and mark stable:
=net-analyzer/fail2ban-0.8.4-r3
Target keywords : "amd64 hppa ppc ppc64 x86"

amd64 ok

amd64 done. Thanks Agostino

Stable for HPPA.

x86 stable. Thanks

ppc/ppc64 stable, last arch done

Thanks, everyone. GLSA Vote: Yes.

GLSA vote: Yes.

GLSA request filed.

This issue was resolved and addressed in GLSA 201406-03 at http://security.gentoo.org/glsa/glsa-201406-03.xml by GLSA coordinator Chris Reffett (creffett).
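
The argument made in the thread (a fixed-name file is only a risk while other users can write to the directory that holds it) can be checked on a host. The following is an added example, not part of the bug report or of fail2ban's code; the function names `audit_fixed_tmpfile` and `demo` and the directory layout are constructed for illustration.

```python
import os
import stat
import tempfile

def audit_fixed_tmpfile(path, root="/"):
    """Return a list of findings for a fixed-name file at `path`.

    An empty list means no directory between `root` and the file lets
    other users plant or swap an entry under that predictable name.
    """
    findings = []
    path = os.path.abspath(path)
    root = os.path.abspath(root)
    # An existing symlink at the fixed name is itself a red flag.
    if os.path.islink(path):
        findings.append(f"{path}: is a symlink")
    directory = os.path.dirname(path)
    first = True
    while True:
        mode = os.stat(directory).st_mode
        shared = bool(mode & (stat.S_IWGRP | stat.S_IWOTH))
        sticky = bool(mode & stat.S_ISVTX)
        # In the file's own directory the sticky bit does not help: anyone
        # may still create the name first. Higher up, sticky stops renames.
        if shared and (first or not sticky):
            findings.append(f"{directory}: writable by group/other (mode {stat.S_IMODE(mode):04o})")
        if directory == root or directory == os.path.dirname(directory):
            break
        directory = os.path.dirname(directory)
        first = False
    return findings

def demo():
    """Build a constructed /tmp-like and /var/run-like layout and audit both."""
    base = os.path.realpath(tempfile.mkdtemp())
    shared = os.path.join(base, "tmp")          # stands in for /tmp
    private = os.path.join(base, "run", "f2b")  # stands in for a root-only dir
    os.makedirs(shared)
    os.makedirs(private)
    os.chmod(shared, 0o1777)
    os.chmod(os.path.join(base, "run"), 0o755)
    os.chmod(private, 0o755)
    os.chmod(base, 0o755)
    before = audit_fixed_tmpfile(os.path.join(shared, "mail.txt"), root=base)
    after = audit_fixed_tmpfile(os.path.join(private, "mail.txt"), root=base)
    return before, after

if __name__ == "__main__":
    for label, result in zip(("world-writable dir", "root-only dir"), demo()):
        print(label, "->", result or "no findings")
```

On a real system, call `audit_fixed_tmpfile` with the path configured in the action file and the default `root="/"`.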