Package: firehol
Version: 1.214-3
Severity: grave
Tags: security

I'm afraid that recent fixes still missed some unsafe temporary directory uses in firehol. In firehol-lib.sh I see:

    ${CAT_CMD} /proc/config >/tmp/kcfg.$$

Upstream patched this here:
http://cvs.sourceforge.net/viewcvs.py/firehol/firehol/firehol.sh?r1=1.224&r2=1.225&diff_format=u

The other parts of that patch, which add ${RANDOM} to filenames, do not seem to actually add security.

This may or may not still be part of CAN-2005-0225; the CAN is not sufficiently clear to tell.

-- 
see shy jo
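The pattern reported above, next to a safer form, as an added example that is not part of the original report and is not firehol or upstream code. The function names, the sandbox directory and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added illustration; all names below are hypothetical, not from firehol.

# Pattern from the report: a predictable name written with a plain ">".
# If the path already exists as a symlink, the write follows the link.
# Appending bash's ${RANDOM} (0..32767) keeps the name guessable and
# still does not make the open fail when the name already exists.
write_predictable() {    # $1 = destination path, $2 = source file
    cat "$2" > "$1"
}

# Safer form: mktemp -d creates a new directory atomically, with an
# unpredictable name and mode 0700, so nobody else can pre-create or
# replace entries inside it. The caller removes the directory when done.
write_private() {        # $1 = source file; prints the path of the copy
    dir=$(mktemp -d "${TMPDIR:-/tmp}/kcfg.XXXXXXXXXX") || return 1
    cat "$1" > "$dir/kcfg" || { rm -rf "$dir"; return 1; }
    printf '%s\n' "$dir/kcfg"
}

# Constructed scenario, confined to a throwaway sandbox directory.
# Returns 0 when the predictable write overwrote the file the
# pre-existing symlink pointed at.
demo_predictable_follows_symlink() {
    sb=$(mktemp -d) || return 2
    printf 'CONFIG_NETFILTER=y\n' > "$sb/config"   # stand-in for /proc/config
    printf 'important\n' > "$sb/victim"            # file that must not change
    ln -s "$sb/victim" "$sb/kcfg.$$"               # name derivable from the PID
    write_predictable "$sb/kcfg.$$" "$sb/config"
    result=1
    [ "$(cat "$sb/victim")" = "CONFIG_NETFILTER=y" ] && result=0
    rm -rf "$sb"
    return $result
}
```
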