logo
DATABASE RESOURCES PRICING ABOUT US

Scilab: Insecure temporary file usage

Description

### Background Scilab is a scientific software package for numerical computations. ### Description Dmitry E. Oboukhov reported an insecure temporary file usage within the scilink, scidoc and scidem scripts. ### Impact A local attacker could perform symlink attacks to overwrite arbitrary files with the privileges of the user running the application. ### Workaround There is no known workaround at this time. ### Resolution All Scilab users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=sci-mathematics/scilab-4.1.2-r1"


Affected Package


OS OS Version Package Name Package Version
Gentoo any sci-mathematics/scilab 4.1.2-r1

Related