----- Forwarded message from [EMAIL PROTECTED] -----

> From: [EMAIL PROTECTED]
> Reply-To: [EMAIL PROTECTED]
> X-Mailer: Mutt 1.0.1i
> Date: Thu, 10 Aug 2000 16:35:47 -0300
> To: [EMAIL PROTECTED]
> Subject: CONECTIVA LINUX SECURITY ANNOUNCEMENT - diskcheck
>
> ----------------------------------------------------------------------
> CONECTIVA LINUX SECURITY ANNOUNCEMENT
> ----------------------------------------------------------------------
>
> PACKAGE : diskcheck
> SUMMARY : Insecure file creation in /tmp
> DATE : 2000-08-10
> AFFECTED CONECTIVA VERSIONS : 5.0, 5.1, e-commerce and graphic tools
>
>
> DESCRIPTION
> The diskcheck package includes a perl script which checks for available
> disk space. It is run as root by cron every hour.
> This script creates a file in /tmp in an insecure manner, allowing an
> attacker to use symlink attacks to write anywhere in the system.
>
>
> SOLUTION
> All users should upgrade immediately. This new package no longer
> creates temporary files.
>
>
> DIRECT DOWNLOAD LINKS TO UPDATED PACKAGES
> 
>ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.0/noarch/diskcheck-3.1.1-3cl.noarch.rpm
> 
>ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.1/noarch/diskcheck-3.1.1-3cl.noarch.rpm
> 
>ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/ferramentas/ecommerce/noarch/diskcheck-3.1.1-3cl.noarch.rpm
> 
>ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/ferramentas/graficas/noarch/diskcheck-3.1.1-3cl.noarch.rpm
>
>
> DIRECT LINK TO THE SOURCE PACKAGES
> 
>ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.0/SRPMS/diskcheck-3.1.1-3cl.src.rpm
> 
>ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.1/SRPMS/diskcheck-3.1.1-3cl.src.rpm
> 
>ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/ferramentas/ecommerce/SRPMS/diskcheck-3.1.1-3cl.src.rpm
> 
>ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/ferramentas/graficas/SRPMS/diskcheck-3.1.1-3cl.src.rpm
>
>
> ----------------------------------------------------------------------
>
> All packages are signed with Conectiva's GPG key. The key can be obtained at
> http://www.conectiva.com.br/contato
>
> ----------------------------------------------------------------------
> subscribe: [EMAIL PROTECTED]
> unsubscribe: [EMAIL PROTECTED]
>
>

----- End forwarded message -----

--------------------------------------------------------------------------
To unsubscribe, send an email to [EMAIL PROTECTED]
Archive information at http://www.linux.or.id/milis.php3
The list administrators can be contacted via [EMAIL PROTECTED]
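
Added example, not part of the forwarded advisory and not Conectiva's or diskcheck's code: a Python sketch (the real script is Perl) contrasting the insecure /tmp file creation the advisory describes with exclusive, no-follow creation. The file names `diskcheck.tmp` and `important.conf` are hypothetical, and everything runs inside a private sandbox directory rather than /tmp.

```python
import os
import tempfile

def unsafe_write(path, data):
    """The flawed pattern: open a predictable name and follow whatever is there."""
    with open(path, "w") as fh:
        fh.write(data)

def safe_write(path, data):
    """Create the file only if the name is unused, and never follow a symlink."""
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW
    fd = os.open(path, flags, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(data)

def read(path):
    with open(path) as fh:
        return fh.read()

def demo():
    """Run both patterns against a symlink already sitting at the predictable name."""
    with tempfile.TemporaryDirectory() as sandbox:
        # Constructed stand-ins: a file the privileged job must not touch,
        # and the predictable temporary name (hypothetical) the job would use.
        target = os.path.join(sandbox, "important.conf")
        predictable = os.path.join(sandbox, "diskcheck.tmp")
        unsafe_write(target, "original\n")
        os.symlink(target, predictable)

        # Flawed pattern: the write lands in the symlink's target.
        unsafe_write(predictable, "report\n")
        clobbered = read(target) == "report\n"

        # Hardened pattern: the open is refused and the target stays intact.
        unsafe_write(target, "original\n")
        try:
            safe_write(predictable, "report\n")
            refused = False
        except OSError:  # EEXIST (or ELOOP) because the name is already taken
            refused = True
        intact = read(target) == "original\n"

        # Preferred: let the OS pick an unpredictable name, created exclusively.
        fd, name = tempfile.mkstemp(prefix="diskcheck.", dir=sandbox)
        os.close(fd)
        mode = os.stat(name).st_mode & 0o777
        return clobbered, refused, intact, mode

if __name__ == "__main__":
    print(demo())
```
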
