7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
Dmitry E. Oboukhov discovered that the “to-upgrade” plugin of Feta,
a simpler interface to APT, dpkg, and other Debian package tools
creates temporary files insecurely, which may lead to local denial
of service through symlink attacks.
For the stable distribution (etch), this problem has been fixed in
version 1.4.15+etch1.
For the unstable distribution (sid), this problem has been fixed in
version 1.4.16+nmu1.
We recommend that you upgrade your feta package.