[Full-disclosure] UPDATE: [ GLSA 200410-10 ] gettext: Insecure temporary file handling

From: Sune Kloppenborg Jeppesen (jaervosz_at_gentoo.org)
Date: 04/22/05

  • Next message: Thierry Carrez: "[Full-disclosure] [ GLSA 200504-21 ] RealPlayer, Helix Player: Buffer overflow vulnerability" 
    To: gentoo-announce@gentoo.org
Date: Fri, 22 Apr 2005 13:47:10 +0200

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Gentoo Linux Security Advisory [UPDATE] GLSA 200410-10:02
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                                http://security.gentoo.org/
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

      Severity: Low
         Title: gettext: Insecure temporary file handling
          Date: October 10, 2004
       Updated: April 21, 2005
          Bugs: #66355
            ID: 200410-10:02

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    Update
    ======

    gettext version 0.14.1 reintroduced an old vulnerability by failing to
    apply the proper patch.

    The updated sections appear below.

    Affected packages
    =================

        -------------------------------------------------------------------
         Package / Vulnerable / Unaffected
        -------------------------------------------------------------------
      1 sys-devel/gettext < 0.14.1-r1 >= 0.14.1-r1
                                                             *>= 0.12.1-r2

    Resolution
    ==========

    All gettext users should upgrade to the latest version:

        # emerge --sync
        # emerge --ask --oneshot --verbose ">=sys-devel/gettext-0.14.1-r1"

    Availability
    ============

    This GLSA and any updates to it are available for viewing at
    the Gentoo Security Website:

      http://security.gentoo.org/glsa/glsa-200410-10.xml

    Concerns?
    =========

    Security is a primary focus of Gentoo Linux and ensuring the
    confidentiality and security of our users machines is of utmost
    importance to us. Any security concerns should be addressed to
    security@gentoo.org or alternatively, you may file a bug at
    http://bugs.gentoo.org.

    License
    =======

    Copyright 2005 Gentoo Foundation, Inc; referenced text
    belongs to its owner(s).

    The contents of this document are licensed under the
    Creative Commons - Attribution / Share Alike license.

    http://creativecommons.org/licenses/by-sa/2.0

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.grok.org.uk/full-disclosure-charter.html
    Hosted and sponsored by Secunia - http://secunia.com/

  • Next message: Thierry Carrez: "[Full-disclosure] [ GLSA 200504-21 ] RealPlayer, Helix Player: Buffer overflow vulnerability"

    Relevant Pages
    Loading