From the Secunia security advisory at $URL:
A security issue has been reported in Gajim, which can be exploited by malicious, local users to perform certain actions with escalated privileges.
The security issue is caused due to the "get_tmpfile_name()" function (src/common/latex.py) creating temporary files in an insecure manner, which can be exploited to e.g. overwrite arbitrary files via symlink attacks.
The security issue is reported in version 0.15. Other versions may also be affected.
Fixed in the Mercurial repository.
Provided and/or discovered by
version 0.15 is fixed by backporting the upstream fix
+ 23 Apr 2012; Justin Lecher <firstname.lastname@example.org> -gajim-0.15.ebuild,
+ gajim-0.15-r1.ebuild, +files/gajim-0.15-SA48695.patch:
+ Add backport fix for https://secunia.com/advisories/48695/, #412215
Please mark stable:
target KEYWORDS : "alpha amd64 hppa ia64 ppc ppc64 sparc x86"
amd64 / x86 stable
This patch breaks some things. There is a newer related changeset in the tree:
With current patch I get this trace when trying to open "Help->Features":
Traceback (most recent call last):
  File "/usr/lib64/python2.7/site-packages/gajim/roster_window.py", line 3851, in on_features_menuitem_activate
  File "/usr/lib64/python2.7/site-packages/gajim/features_window.py", line 140, in __init__
    rep = func()
  File "/usr/lib64/python2.7/site-packages/gajim/features_window.py", line 249, in latex_available
  File "/usr/lib64/python2.7/site-packages/gajim/common/latex.py", line 104, in check_for_latex_support
    filename = latex_to_image("test")
  File "/usr/lib64/python2.7/site-packages/gajim/common/latex.py", line 145, in latex_to_image
    tmpfile = get_tmpfile_name()
  File "/usr/lib64/python2.7/site-packages/gajim/common/latex.py", line 62, in get_tmpfile_name
    while(nb < 100):
NameError: global name 'nb' is not defined
(In reply to comment #6)
> This patch breaks some things. There is a newer related changeset in the
> NameError: global name 'nb' is not defined
It's fine here, please open separate bug anyway.
> It's fine here, please open separate bug anyway.
src/common/latex.py in Gajim 0.15 allows local users to overwrite arbitrary
files via a symlink attack on a temporary latex file, related to the
Stable HPPA keywords dropped.
ppc stable, last arch done
@Security: go ahead with vote.
Thanks, folks. GLSA Vote: no.
Adding to GLSA request with bug 411269.
This issue was resolved and addressed in
GLSA 201208-04 at http://security.gentoo.org/glsa/glsa-201208-04.xml
by GLSA coordinator Sean Amoss (ackle).
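
The class of issue the advisory at the top of this report describes (a temporary file created under a guessable name, so that a symlink already sitting at that name redirects the write) is shown below beside two safer ways of creating the file. This is an added example, not Gajim's code or the upstream fix; the helper functions, the file names and the sandbox directory standing in for a shared /tmp are assumptions made for illustration.

```python
import os
import stat
import tempfile

def insecure_write(path, data):
    # Weak pattern: predictable name + plain open() follows a symlink at `path`.
    with open(path, "w") as f:
        f.write(data)

def exclusive_write(path, data):
    # O_CREAT|O_EXCL creates atomically and fails with EEXIST if anything,
    # including a symlink, already exists at `path`.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as f:
        f.write(data)

def read(path):
    with open(path) as f:
        return f.read()

def demo():
    results = {}
    # The sandbox stands in for a shared /tmp; every name here is constructed.
    with tempfile.TemporaryDirectory() as sandbox:
        victim = os.path.join(sandbox, "victim.txt")
        guessable = os.path.join(sandbox, "formula_0.tex")
        insecure_write(victim, "original")
        os.symlink(victim, guessable)  # link is in place before the write
        try:
            exclusive_write(guessable, "\\documentclass{article}")
            results["exclusive_refused"] = False
        except FileExistsError:
            results["exclusive_refused"] = True
        results["intact_after_exclusive"] = read(victim) == "original"
        insecure_write(guessable, "\\documentclass{article}")
        results["clobbered_by_insecure"] = read(victim) != "original"
    # Preferred: a private working directory. TemporaryDirectory/mkdtemp pick
    # an unpredictable name and create it with mode 0700.
    with tempfile.TemporaryDirectory(prefix="latex-") as workdir:
        results["workdir_mode"] = stat.S_IMODE(os.stat(workdir).st_mode)
        exclusive_write(os.path.join(workdir, "formula.tex"), "x^2")
        results["private_content"] = read(os.path.join(workdir, "formula.tex"))
    return results

if __name__ == "__main__":
    print(demo())
```

When reviewing other code for the same pattern, look for names built from a counter, PID or timestamp under /tmp and opened without `O_EXCL`; `tempfile.mkstemp()` and `tempfile.mkdtemp()` cover both the naming and the exclusive creation.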