The new upstream version that fixes this bug introduces a lot of other
changes and doesn't seem acceptable for lenny.
Is anyone working on backporting the fix for a t-p-u upload? I can
probably do it later this week but I don't want to duplicate work.
Cheers,
Stefan
Hi,
the following two additional CVE ids have been assigned to
symlink issues in cman & redhat-cluster:
CVE-2008-4579[0]:
| The (1) fence_apc and (2) fence_apc_snmp programs, as used in (a)
| fence 2.02.00-r1 and possibly (b) cman, when running in verbose mode,
| allows local users to append to ar
Hi,
It looks like there are some more tempfile creation problems in the
redhat-cluster source package.
1) In rgmanager/src/daemons/main.c (line 707):
void
dump_internal_state(char *loc)
{
	FILE *fp;
	fp=fopen(loc, "w+");
	dump_
severity 496410 important
thanks
On Wed, Aug 27, 2008 at 07:12:29PM +0400, Dmitry E. Oboukhov wrote:
> _or_ _causes_ _data_ _loss_
It does not cause data loss, the admin needs to execute it. And now stop
bitching around.
Bastian
--
Superior ability breeds superior ambition.
--
Processing commands for [EMAIL PROTECTED]:
> severity 496410 important
Bug#496410: The possibility of attack with the help of symlinks in some Debian
packages
Severity set to `important' from `grave'
> thanks
Stopping processing here.
Please contact me if you need assista
severity 496410 grave
thanks
SL> So I don't think I've made a mistake here.
You are mistaken, see
http://www.debian.org/Bugs/Developer.en.html#severities
quote:
grave
makes the package in question unusable or mostly so, or causes data
loss, or introduces a security hole allowing access t
On Mon, Aug 25, 2008 at 10:40:31AM +0400, Dmitry E. Oboukhov wrote:
> On 13:15 Sun 24 Aug , Steve Langasek wrote:
> SL> severity 496410 important
> SL> thanks
> You are mistaken :)
> Your script is placed in /usr/sbin, i.e. it runs with root privs.
> If I create symlink /etc/shadow -> /tmp/eglog an
tags 496410 security
thanks
On 13:15 Sun 24 Aug , Steve Langasek wrote:
SL> severity 496410 important
SL> thanks
You are mistaken :)
Your script is placed in /usr/sbin, i.e. it runs with root privs.
If I create a symlink /etc/shadow -> /tmp/eglog and you start this script,
then your system 'll damag
severity 496410 important
thanks
On Sun, Aug 24, 2008 at 10:05:29PM +0400, Dmitry E. Oboukhov wrote:
> Package: cman
> Severity: grave
> Binary-package: cman (2.20080629-1)
> file: /usr/sbin/fence_egenera
The broken usage is:
local *egen_log;
open(egen_log,">/tmp/eglog");
Processing commands for [EMAIL PROTECTED]:
> severity 496410 important
Bug#496410: The possibility of attack with the help of symlinks in some Debian
packages
Severity set to `important' from `grave'
> thanks
Stopping processing here.
Please contact me if you need assista
Package: cman
Severity: grave
Hi, maintainer!
This message about the error concerns a few packages at once. I've
tested all the packages (for Lenny) on my Debian mirror. All scripts
of packages (marked as executable) were tested.
In some packages I've discovered scripts with errors which m