Public bug reported: Binary package hint: dist
Fixes a grave issue which could cause data loss and to denial of service as well dist (1:3.5-17-2) unstable; urgency=high * If a script uses a temp file which is created in /tmp, then an attacker can create symlink with the same name in this directory in order to destroy or rewrite some system or user files. Symlink attack may also lead not only to the data desctruction but to denial of service as well. Creating files with rand or pid to randomize the file names is not adequate to protect the system. We now use File::Temp to safely create the temporary files as needed. This closes a grave bug. There are no code changes in this version, apart from the bug fix. Closes: #496412 * Updated the Standards version. (No changes) -- Manoj Srivastava <[EMAIL PROTECTED]> Fri, 29 Aug 2008 22:28:31 -0500 ** Affects: dist (Ubuntu) Importance: Undecided Status: New -- Please sync dist 3.5-17-2 from Debian(Unstable) https://bugs.launchpad.net/bugs/263086 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs