Trustix Security Engineers identified that all these packages had one or
more script(s) that handled temporary files in an insecure manner. While
it is not believed that any of these holes could lead to privilege
escalation, it would be possible to trick the scripts into overwriting data
writable by the user that invokes the script.
These problems can only be exploited by local users, and they would have to
wait for someone else, preferably root, to run the vulnerable scripts.
Created attachment 41098
Trustix patch to fix insecure tempfile handling
please verify and apply patch if necessary.
The patch applies cleanly to 1.3.4 and 1.3.5. 1.3.4-r1 needs to be tested on all arches, but 1.3.5-r1 has also been created and should remain unstable.
archs, please mark mit-krb5-1.3.4-r1 stable.
stable on ppc
Stable on alpha.
Stable on sparc.
stable on amd64.
Stable on mips.
Stable on ia64.
stable on ppc64
GLSA blocked by missing x86 keyword... Could maintainer or x86 arch test and mark stable?
Done on hppa.
klieber marked stable on x86.
arm and s390 should mark stable to benefit from GLSA.