3 matches found
[ GLSA 200712-11 ] Portage: Information disclosure
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200712-11 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - -...
CVE-2007-6249
etc-update in Portage before 2.1.3.11 on Gentoo Linux relies on the umask to set permissions for the merge file, often resulting in permissions weaker than those of the original files, which might allow local users to obtain sensitive information by reading the merge file...
CVE-2007-6249
CVE-2007-6249 concerns Portage (Gentoo) = 2.1.3.11 (or apply equivalent patches) to mitigate the risk. If upgrading is not immediately possible, be aware that the description and related GLSAs/Nessus entries consistently describe an information-disclosure impact due to insecure temporary files du...