Fedora 20 : prboom-plus-2.5.1.3-3.fc20 (2013-20940)

-------- prboom-plus-2.5.1.3-3 replaces mktemp with mkstemp to satisfy rpmlint Doom is a classic 3D shoot-em-up game. PrBoom+ is a Doom source port developed from the original PrBoom project by Andrey Budko. The target of the project is to extend the original port with features that are necessary...

Mandrake Linux Security Advisory : ghostscript (MDKSA-2000:074)

The ghostscript package uses mktemp instead of mkstemp to create temporary files. It also uses improper LDRUNPATH values, which causes it to search for libraries in the current directory. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin...

CVE-2012-2652

The bdrvopen function in Qemu 1.0 does not properly handle the failure of the mkstemp function, when in snapshot node, which allows local users to overwrite or read arbitrary files via a symlink attack on an unspecified temporary file...

DEBIAN-CVE-2012-2652

The bdrvopen function in Qemu 1.0 does not properly handle the failure of the mkstemp function, when in snapshot node, which allows local users to overwrite or read arbitrary files via a symlink attack on an unspecified temporary file...

CVE-2012-2652

CVE-2012-2652 affects QEMU (bdrv_open in snapshot mode) where mkstemp failure handling allows a local attacker to race a symlink and overwrite/read arbitrary files. Affected context is QEMU 1.0 in snapshot mode; impact is local file read/write via symlink to an unnamed temporary file. Public advi...

CVE-2012-2652

The bdrvopen function in Qemu 1.0 does not properly handle the failure of the mkstemp function, when in snapshot node, which allows local users to overwrite or read arbitrary files via a symlink attack on an unspecified temporary file...

PT-2012-4162 · Qemu · Qemu

Name of the Vulnerable Software and Affected Versions: Qemu version 1.0 Description: The issue arises from the bdrv open function in Qemu, which fails to properly handle the failure of the mkstemp function when in snapshot node. This allows local users to overwrite or read arbitrary files via a...

Code injection

The 1 maketemp and 2 mkstemp builtin functions in GNU m4 before 1.4.11 do not quote their output when a file is created, which might allow context-dependent attackers to trigger a macro expansion, leading to unspecified use of an incorrect filename...

DEBIAN-CVE-2008-1687

The 1 maketemp and 2 mkstemp builtin functions in GNU m4 before 1.4.11 do not quote their output when a file is created, which might allow context-dependent attackers to trigger a macro expansion, leading to unspecified use of an incorrect filename...

CVE-2008-1687

The 1 maketemp and 2 mkstemp builtin functions in GNU m4 before 1.4.11 do not quote their output when a file is created, which might allow context-dependent attackers to trigger a macro expansion, leading to unspecified use of an incorrect filename...

CVE-2008-1687

The 1 maketemp and 2 mkstemp builtin functions in GNU m4 before 1.4.11 do not quote their output when a file is created, which might allow context-dependent attackers to trigger a macro expansion, leading to unspecified use of an incorrect filename...

CVE-2008-1687

The 1 maketemp and 2 mkstemp builtin functions in GNU m4 before 1.4.11 do not quote their output when a file is created, which might allow context-dependent attackers to trigger a macro expansion, leading to unspecified use of an incorrect filename...

CVE-2008-1687

The 1 maketemp and 2 mkstemp builtin functions in GNU m4 before 1.4.11 do not quote their output when a file is created, which might allow context-dependent attackers to trigger a macro expansion, leading to unspecified use of an incorrect filename...

CVE-2008-1687

The CVE-2008-1687 issue affects GNU m4 up to version 1.4.10; the maketemp and mkstemp builtins do not quote their output when creating a file, which can let an attacker trigger a macro expansion and cause the program to use an incorrect filename. The root cause is unquoted output during file crea...

Fedora 7 : id3lib-3.8.3-17.fc7 (2007-1774)

This security update fixes a minor tempfile creation security issue CVE-2007-4460 by using mkstemp bugzilla 253553 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format i...

lmail local root exploit

lmail is vulnerable to an insecure mktemp race which allows a user to overwrite or create a files. Offending code lmail.c: define MAILTMPFILE "/tmp/rmXXXXXX" ... static char tempfname = MAILTMPFILE; ... if fseekstdin, 0L, 0 != 0 mailfile = fopenmktemptempfname, "w+"; ... Patch: s/mktemp/mkstemp/g...

[RHSA-2000:114-03] ghostscript uses mktemp instead of mkstemp, and uses an improper LD_RUN_PATH

--------------------------------------------------------------------- Red Hat, Inc. Security Advisory Synopsis: ghostscript uses mktemp instead of mkstemp, and uses an improper LDRUNPATH Advisory ID: RHSA-2000:114-03 Issue date: 2000-11-22 Updated on: 2000-11-22 Product: Red Hat Linux Keywords:...