[Backports-security-announce] Security Update for devscripts

Adam D. Barratt uploaded new packages for devscripts which fixed the following security problems: Debian BTS 507482 When copying files from a remote host for signing, the temporary directory created was named based on the process ID rather than using mktemp. Debian BTS 508111 A call to mktemp use...

[Backports-security-announce] Security Update for devscripts

Adam D. Barratt uploaded new packages for devscripts which fixed the following security problems: Debian BTS 507482 When copying files from a remote host for signing, the temporary directory created was named based on the process ID rather than using mktemp. Debian BTS 508111 A call to mktemp use...

[Backports-security-announce] Security Update for devscripts

Adam D. Barratt uploaded new packages for devscripts which fixed the following security problems: Debian BTS 507482 When copying files from a remote host for signing, the temporary directory created was named based on the process ID rather than using mktemp. Debian BTS 508111 A call to mktemp use...

CVE-2006-5298

The muttadvmktemp function in the Mutt mail client 1.5.12 and earlier does not properly verify that temporary files have been created with restricted permissions, which might allow local users to create files with weak permissions via a race condition between the mktemp and safefopen function cal...

Mandrake Linux Security Advisory : lm_sensors (MDKSA-2005:149)

Javier Fernandez-Sanguino Pena discovered that the pwmconfig script in the lmsensors package created temporary files in an insecure manner. This could allow a symlink attack to create or overwrite arbitrary files with full root privileges because pwmconfig is typically executed by root. The updat...

Mandrake Linux Security Advisory : gzip (MDKSA-2003:068)

A vulnerability exists in znew, a script included with gzip, that would create temporary files without taking precautions to avoid a symlink attack. Patches have been applied to make use of mktemp to generate unique filenames, and properly make use of noclobber in the script. Likewise, a fix for...

lmail local root exploit

lmail is vulnerable to an insecure mktemp race which allows a user to overwrite or create a files. Offending code lmail.c: define MAILTMPFILE "/tmp/rmXXXXXX" ... static char tempfname = MAILTMPFILE; ... if fseekstdin, 0L, 0 != 0 mailfile = fopenmktemptempfname, "w+"; ... Patch: s/mktemp/mkstemp/g...

Проблема символьных линков в lmail (symbolic links)

Используется mktemp...

Символьные линки в ispell (symbolic link)

Используется mktemp...

[RHSA-2000:114-03] ghostscript uses mktemp instead of mkstemp, and uses an improper LD_RUN_PATH

--------------------------------------------------------------------- Red Hat, Inc. Security Advisory Synopsis: ghostscript uses mktemp instead of mkstemp, and uses an improper LDRUNPATH Advisory ID: RHSA-2000:114-03 Issue date: 2000-11-22 Updated on: 2000-11-22 Product: Red Hat Linux Keywords:...

[SECURITY] New version of make released

Package: make Vulnerability type: symlink attack Debian-specific: no The make package as shipped in Debian GNU/Linux 2.1 is vulnerable to a race condition that can be exploited with a symlink attack. make used mktemp while creating temporary files in /tmp. and that is a known potential security...