Debian: DSA-008-1 Critical Symlink Attack In Dialog Software
debian
December 24, 2000
dialog previously did not create them safely which made itsusceptible to a symlink attack.
Topics Covered
Summary
Package : dialog
Problem type : insecure temporary files
Debian-specific: no
Matt Kraai reported that he found a problem in the way dialog
creates lock-files: it did not create them safely which made it
susceptible to a symlink attack.
This has been fixed in version 0.9a-20000118-3bis.
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
Debian GNU/Linux 2.2 alias potato
Potato was released for alpha, arm, i386, m68k, powerpc and sparc.
Source archives:
-3bis.diff.gz
MD5 checksum: 78b6e69859bc18f738982d4f1bd390c7
-3bis.dsc
MD5 checksum: 9bd63778ae6f295d9c06d22ac5910b92
.orig.tar.gz
MD5 checksum: ffa7381631cb24aa5d61dab7f2f1245b
Alpha architecture:
000118-3bis_alpha.deb
MD5 checksum: 57c04e1f8dec33de5dffee92d0b162cb
ARM architecture:
0118-3bis_arm.deb
MD5 checksum: 5735033a17262209a1130459229a0982
Intel ia32 architecture:
00118-3bis_i386.deb
MD5 checksum: f38bbfaa0076a590fe2421eb2...
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!