Fedora 20 : syncevolution-1.4.1-1.fc20 (2014-5186)

Update to 1.4.1 stable release CVE-2014-1639 syncevolution: insecure temporary file usage in installcheck-local.sh It was found 1 that the installcheck-local.sh script of the syncevolution package creates temporary files in an insecure way. A local attacker could use these flaws to perform a...

CVE-2014-1639

syncevo/installcheck-local.sh in syncevolution before 1.3.99.7 uses mktemp to create a safe temporary file but appends a suffix to the original filename and writes to this new filename, which allows local users to overwrite arbitrary files via a symlink attack on the new filename...

CVE-2014-1639

CVE-2014-1639 affects syncevolution installations where the script installcheck-local.sh (before 1.3.99.7) creates a temporary file insecurely using mktemp and then appends a suffix to the original filename, enabling a local attacker to perform a symlink attack and overwrite arbitrary files. The ...

CVE-2014-1639

syncevo/installcheck-local.sh in syncevolution before 1.3.99.7 uses mktemp to create a safe temporary file but appends a suffix to the original filename and writes to this new filename, which allows local users to overwrite arbitrary files via a symlink attack on the new filename...