[Pardus-security] [PLSA 2009-201] [UPDATED] Coreutils: Unsafe temporary directory location
Eren Türkay
eren at pardus.org.tr
Tue Dec 15 09:33:34 EET 2009
------------------------------------------------------------------------
Pardus Linux Security Advisory 2009-201 security at pardus.org.tr
------------------------------------------------------------------------
Date: 2009-12-14
Severity: 2
Type: Local
------------------------------------------------------------------------
Summary
=======
A vulnerability was found in coreutils, which can be used by malicious
people to potentially execute arbitrary code under certain
circumstances. [UPDATE] The same issue was fixed in Pardus 2008.
Description
===========
Jim Meyering reported a flaw in the way the coreutils "distcheck"
Makefile rule set up a temporary directory location to be used
later for performing its own tasks. This might allow a local attacker to
conduct symlink attacks or potentially execute arbitrary code under
certain circumstances.

Affected packages:

  Pardus 2009:
    coreutils, all before 7.6-32-7

  Pardus 2008:
    coreutils, all before 6.12-29-6

Resolution
==========
There are update(s) for coreutils. You can update them via Package
Manager or with a single command from the console:

  Pardus 2008:
    pisi up coreutils

  Pardus 2009:
    pisi up coreutils

References
==========
* http://bugs.pardus.org.tr/show_bug.cgi?id=11693
* https://bugzilla.redhat.com/show_bug.cgi?id=545439
------------------------------------------------------------------------
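The advisory does not quote the affected rule, so the following is an added example (not code from the advisory or from coreutils) of the general defensive pattern for a build step that needs scratch space under a shared temporary directory. The function names and the "distcheck" prefix are hypothetical.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not coreutils code.

# is_private_dir DIR
# Succeeds only if DIR is a real directory (not a symlink), owned by the
# current user, with no group/other access (mode drwx------).
is_private_dir() {
    dir=$1
    if [ -L "$dir" ]; then return 1; fi      # a link someone else may control
    if [ ! -d "$dir" ]; then return 1; fi    # missing, or not a directory
    if [ ! -O "$dir" ]; then return 1; fi    # owned by another user
    case $(ls -ld -- "$dir") in
        drwx------*) return 0 ;;
        *)           return 1 ;;
    esac
}

# make_scratch_dir PREFIX
# Preferred form: mktemp -d picks an unpredictable name and creates the
# directory atomically with mode 0700, so nothing can be planted in advance.
make_scratch_dir() {
    base=${TMPDIR:-/tmp}
    scratch=$(mktemp -d "$base/$1.XXXXXX") || return 1
    is_private_dir "$scratch" || return 1
    printf '%s\n' "$scratch"
}

# claim_fixed_dir PATH
# If a fixed name cannot be avoided: plain mkdir (never "mkdir -p") fails
# when PATH already exists, including as a symlink, instead of silently
# reusing something another local user created first.
claim_fixed_dir() {
    mkdir -m 700 "$1" 2>/dev/null && is_private_dir "$1"
}

# Stand-alone run: create, report and remove a private scratch directory.
if tmp=$(make_scratch_dir distcheck); then
    echo "private scratch directory: $tmp"
    rmdir "$tmp"
fi
```

A build rule using this pattern should abort when either function fails rather than fall back to a shared path.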