Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 539794

Summary: sys-apps/kexec-tools: insecure use of /tmp/*$$* filenames
Product: Gentoo Security Reporter: Agostino Sarubbo <ago>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED INVALID    
Severity: minor CC: jlec, kernel-misc
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://bugzilla.redhat.com/show_bug.cgi?id=1191575
Whiteboard: B4 [upstream/ebuild]
Package list:
Runtime testing required: ---

Description Agostino Sarubbo gentoo-dev 2015-02-11 16:22:20 UTC
From ${URL} :

Harald Hoyer from Red Hat reported that /usr/lib/dracut/modules.d/99kdumpbase/module-setup.sh 
script uses insecure temporary files names, which can lead to a local denial of service.


@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Comment 1 Justin Lecher (RETIRED) gentoo-dev 2015-02-11 16:48:57 UTC
We are not installing this file. So not applicable to gentoo.