76 matches found
CVE-2015-5701
mktexlsr revision 36855, and before revision 36626 as packaged in texlive allows local users to write to arbitrary files via a symlink attack. NOTE: this vulnerability exists due to the reversion of a fix of CVE-2015-5700...
Fedora 23 : kdelibs3-3.5.10-71.fc23 (2015-6e50918d8e)
Security fix for CVE-2015-7543 in kdelibs3 the KDE 3 compatibility version of kdelibs: A temporary directory was being created insecurely using mktemp and mkdir, allowing an attacker to hijack the temporary directory and thus the inter-process communication IPC. This update fixes the temporary...
Fedora 22 : kdelibs3-3.5.10-71.fc22 (2015-2f4b92ed2e)
Security fix for CVE-2015-7543 in kdelibs3 the KDE 3 compatibility version of kdelibs: A temporary directory was being created insecurely using mktemp and mkdir, allowing an attacker to hijack the temporary directory and thus the inter-process communication IPC. This update fixes the temporary...
Debian DLA-367-1 : kdelibs security update
It has been reported that kdelibs uses the insecure mktemp function to create the temporary directory it uses to host user-specific sockets. It is thus possible for another user to hijack this temporary directory and gain socket accesses it should not have. In Debian 6 'Squeeze', this issue has...
[SECURITY] [DLA 367-1] kdelibs security update
Package : kdelibs Version : 3.5.10.dfsg.1-5+deb6u1 CVE ID : CVE-2015-7543 It has been reported that kdelibs uses the insecure mktemp function to create the temporary directory it uses to host user-specific sockets. It is thus possible for another user to hijack this temporary directory and gain...
SUSE SLED12 / SLES12 Security Update : dracut (SUSE-SU-2015:2065-1)
The dracut package was updated to fix the following security and non-security issues : - CVE-2015-0794: Use mktemp instead of hard-coded filenames, possible vulnerability bsc935338. - Always install mdraid modules bsc935993. - Add notice when dracut failed to install modules bsc952491. - Always...
openSUSE Security Update : dracut (openSUSE-2015-765)
The dracut package was updated to fix the following security and non security issues : - CVE-2015-0794: Use mktemp instead of hardcoded filenames, possible vulnerability bnc935338. - Always install mdraid modules boo935993. - Add notice when dracut failed to install modules bsc952491. %NASLMINLEV...
FreeBSD : security/ossec-hids-* -- root escalation via temp files (36858e78-3963-11e4-ad84-000c29f6ae42)
OSSEC reports : This correction will create the temp file for the hosts deny file in /var/ossec and will use mktemp where available to create NON-predictable temp file name. In cases where mktemp is not available we have written a BAD version of mktemp, but should be a little better then just...
security/ossec-hids-* -- root escalation via temp files
OSSEC reports: This correction will create the temp file for the hosts deny file in /var/ossec and will use mktemp where available to create NON-predictable temp file name. In cases where mktemp is not available we have written a BAD version of mktemp, but should be a little better then just...
DEBIAN-CVE-2014-1839
The Execute class in shellutils in logilab-commons before 0.61.0 uses tempfile.mktemp, which allows local users to have an unspecified impact by pre-creating the temporary file...
Code injection
The Execute class in shellutils in logilab-commons before 0.61.0 uses tempfile.mktemp, which allows local users to have an unspecified impact by pre-creating the temporary file...
PYSEC-2014-84
The Execute class in shellutils in logilab-commons before 0.61.0 uses tempfile.mktemp, which allows local users to have an unspecified impact by pre-creating the temporary file...
PT-2014-4323 · Logilab +1 · Logilab-Common +1
Name of the Vulnerable Software and Affected Versions: logilab-common versions prior to 0.61.0 Description: The Execute class in shellutils in logilab-common uses tempfile.mktemp, which allows local users to have an unspecified impact by pre-creating the temporary file. Recommendations: For...
DEBIAN-CVE-2014-1639
syncevo/installcheck-local.sh in syncevolution before 1.3.99.7 uses mktemp to create a safe temporary file but appends a suffix to the original filename and writes to this new filename, which allows local users to overwrite arbitrary files via a symlink attack on the new filename...
CVE-2014-1639
syncevo/installcheck-local.sh in syncevolution before 1.3.99.7 uses mktemp to create a safe temporary file but appends a suffix to the original filename and writes to this new filename, which allows local users to overwrite arbitrary files via a symlink attack on the new filename...
CVE-2014-1639
syncevo/installcheck-local.sh in syncevolution before 1.3.99.7 uses mktemp to create a safe temporary file but appends a suffix to the original filename and writes to this new filename, which allows local users to overwrite arbitrary files via a symlink attack on the new filename...
Fedora 20 : prboom-plus-2.5.1.3-3.fc20 (2013-20940)
-------- prboom-plus-2.5.1.3-3 replaces mktemp with mkstemp to satisfy rpmlint Doom is a classic 3D shoot-em-up game. PrBoom+ is a Doom source port developed from the original PrBoom project by Andrey Budko. The target of the project is to extend the original port with features that are necessary...
Mandrake Linux Security Advisory : ghostscript (MDKSA-2000:074)
The ghostscript package uses mktemp instead of mkstemp to create temporary files. It also uses improper LDRUNPATH values, which causes it to search for libraries in the current directory. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin...
caml-light -- insecure use of temporary files
caml-light uses mktemp insecurely, and also does unsafe things in /tmp during make install...
Fedora 14 : foomatic-4.0.8-3.fc14 (2011-11205)
This package fixes CVE-2011-2924 by using mktemp when creating a debug log file in debug mode. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possibl...