Summary: | <net-im/gajim-0.15-r1 : Insecure Temporary File Creation (CVE-2012-2093) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | flow, jlec, net-im |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://secunia.com/advisories/48695/ | ||
Whiteboard: | B3 [glsa] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | |||
Bug Blocks: | 411269 |
Description
Agostino Sarubbo
2012-04-16 14:06:47 UTC
version 0.15 is fixed by backporting the upstream fix + 23 Apr 2012; Justin Lecher <jlec@gentoo.org> -gajim-0.15.ebuild, + gajim-0.15-r1.ebuild, +files/gajim-0.15-SA48695.patch: + Add backport fix for https://secunia.com/advisories/48695/, #412215 + Please mark stable: =net-im/gajim-0.15-r1 target KEYWORDS : "alpha amd64 hppa ia64 ppc ppc64 sparc x86" amd64 / x86 stable alpha/ia64/sparc stable ppc64 done This patch breaks some things. There is a newer related changeset in the tree: https://trac.gajim.org/changeset/13766/src/common/latex.py With current patch I get this trace when trying to open "Help->Features": Traceback (most recent call last): File "/usr/lib64/python2.7/site-packages/gajim/roster_window.py", line 3851, in on_features_menuitem_activate features_window.FeaturesWindow() File "/usr/lib64/python2.7/site-packages/gajim/features_window.py", line 140, in __init__ rep = func() File "/usr/lib64/python2.7/site-packages/gajim/features_window.py", line 249, in latex_available return latex.check_for_latex_support() File "/usr/lib64/python2.7/site-packages/gajim/common/latex.py", line 104, in check_for_latex_support filename = latex_to_image("test") File "/usr/lib64/python2.7/site-packages/gajim/common/latex.py", line 145, in latex_to_image tmpfile = get_tmpfile_name() File "/usr/lib64/python2.7/site-packages/gajim/common/latex.py", line 62, in get_tmpfile_name while(nb < 100): NameError: global name 'nb' is not defined (In reply to comment #6) > This patch breaks some things. There is a newer related changeset in the > tree: > https://trac.gajim.org/changeset/13766/src/common/latex.py > NameError: global name 'nb' is not defined It's fine here, please open separate bug anyway. > It's fine here, please open separate bug anyway. Ok. Done. bug 415891 CVE-2012-2093 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2093): src/common/latex.py in Gajim 0.15 allows local users to overwrite arbitrary files via a symlink attack on a temporary latex file, related to the get_tmpfile_name function. Stable HPPA keywords dropped. ppc stable, last arch done @Security: go ahead with vote. Thanks, folks. GLSA Vote: no. Adding to GLSA request with bug 411269. This issue was resolved and addressed in GLSA 201208-04 at http://security.gentoo.org/glsa/glsa-201208-04.xml by GLSA coordinator Sean Amoss (ackle). |