13 matches found
openSUSE Security Update : deb / update-alternatives (openSUSE-SU-2012:1437-1)
Fix tmp issues in annotate-output bnc778291, CVE-2012-3500 %NASLMINLEVEL 70300 (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update openSUSE-2012-757. The text description of this plugin is (C) SUSE LLC...
Mandriva Linux Security Advisory : rpmdevtools (MDVSA-2013:123)
Updated rpmdevtools package fixes security vulnerability: A TOCTOU race condition was found in the way the 'annotate-output' tool (used to execute a program annotating the output linewise with time and stream) of rpmdevtools before 8.3 performed management of its temporary files used for standard outp...
Ubuntu 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : devscripts vulnerabilities (USN-1593-1)
Raphael Geissert discovered that the debdiff.pl tool incorrectly handled shell metacharacters. If a user or automated system were tricked into processing a specially crafted filename, a remote attacker could possibly execute arbitrary code. (CVE-2012-0212) Raphael Geissert discovered that the...
USN-1593-1: devscripts vulnerabilities
Raphael Geissert discovered that the debdiff.pl tool incorrectly handled shell metacharacters. If a user or automated system were tricked into processing a specially crafted filename, a remote attacker could possibly execute arbitrary code. (CVE-2012-0212) Raphael Geissert discovered that the...
CVE-2012-3500
CVE-2012-3500 is a local reliability issue in the annotate-output mechanism: scripts/annotate-output.sh in devscripts < 2.12.2 (used by rpmdevtools
CVE-2012-3500
scripts/annotate-output.sh in devscripts before 2.12.2, as used in rpmdevtools before 8.3, allows local users to modify arbitrary files via a symlink attack on the temporary (1) standard output or (2) standard error output file...
Debian: Security Advisory (DSA-2549-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 18 : rpmdevtools-8.3-1.fc18 (2012-13208)
Update to upstream version 8.3, fixing among other issues a symlink attack possibility in annotate-output (CVE-2012-3500). http://git.fedorahosted.org/cgit/rpmdevtools.git/tree/NEWS?id=HEAD Note that Tenable Network Security has extracted the preceding description block directly from the Fedora...
Fedora Update for rpmdevtools FEDORA-2012-13234
Check for the Version of rpmdevtools. OpenVAS Vulnerability Test: Fedora Update for rpmdevtools FEDORA-2012-13234. Authors: System Generated Check. Copyright: Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it und...
Fedora Update for rpmdevtools FEDORA-2012-13263
The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
Fedora Update for rpmdevtools FEDORA-2012-13234
The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
Fedora 17 : rpmdevtools-8.3-1.fc17 (2012-13234)
Update to upstream version 8.3, fixing among other issues a symlink attack possibility in annotate-output (CVE-2012-3500). http://git.fedorahosted.org/cgit/rpmdevtools.git/tree/NEWS?id=HEAD Note that Tenable Network Security has extracted the preceding description block directly from the Fedora...
CVE-2012-3500
scripts/annotate-output.sh in devscripts before 2.12.2, as used in rpmdevtools before 8.3, allows local users to modify arbitrary files via a symlink attack on the temporary (1) standard output or (2) standard error output file...