Debian: 'sgml-tools' insecure temp files

Date 07 Mar 2001

Category Debian Linux Distribution - Security Advisories

2594

Posted By LinuxSecurity Advisories

Former versions of sgml-tools created temporary files directly in /tmp in an insecure fashion.


----------------------------------------------------------------------------
Debian Security Advisory DSA-038-1                       This email address is being protected from spambots. You need JavaScript enabled to view it. 
https://www.debian.org/security/                               Martin Schulze
March 8, 2001
----------------------------------------------------------------------------

Package        : sgml-tools
Vulnerability  : insecure use of tempfiles
Type           : local tempfile problem
Debian-specific: no
Fixed version  : 1.0.9-15

Former versions of sgml-tools created temporary files directly in /tmp
in an insecure fashion.  Version 1.0.9-15 and higher create a
subdirectory first and open temporary files within that directory.

We recommend you upgrade your sgml-tools package.

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 2.2 alias potato
------------------------------------

  Potato was released for the alpha, arm, i386, m68k, powerpc and sparc
  architectures.


  Source archives:

     https://security.debian.org/dists/stable/updates/main/source/sgml-tools_1.0.9.orig.tar.gz
      MD5 checksum: 41187c94c4c112253543c50a834c223c
     https://security.debian.org/dists/stable/updates/main/source/sgml-tools_1.0.9-15.dsc
      MD5 checksum: 5092e08e04f8ad13a594335a718490b4
     https://security.debian.org/dists/stable/updates/main/source/sgml-tools_1.0.9-15.diff.gz
      MD5 checksum: 872d55460634c4e7fb84e06e946989c7

  Intel ia32 architecture:

     https://security.debian.org/dists/stable/updates/main/binary-i386/sgml-tools_1.0.9-15_i386.deb
      MD5 checksum: bc2d3d8eea05c1b0495724390b2099a4

  Motorola 680x0 architecture:

     https://security.debian.org/dists/stable/updates/main/binary-m68k/sgml-tools_1.0.9-15_m68k.deb
      MD5 checksum: b387d59f20d79d0ac37375e5b009c7e1

  Sun Sparc architecture:

     https://security.debian.org/dists/stable/updates/main/binary-sparc/sgml-tools_1.0.9-15_sparc.deb
      MD5 checksum: 4ca530c6d43a0d7bd05c9857316467db

  Alpha architecture:

     https://security.debian.org/dists/stable/updates/main/binary-alpha/sgml-tools_1.0.9-15_alpha.deb
      MD5 checksum: 52745714a737dd035f56c9952f356470

  PowerPC architecture:

     https://security.debian.org/dists/stable/updates/main/binary-powerpc/sgml-tools_1.0.9-15_powerpc.deb
      MD5 checksum: 946a6aa2b2517cca2c35a6ec28eafabf

  ARM architecture:

     https://security.debian.org/dists/stable/updates/main/binary-arm/sgml-tools_1.0.9-15_arm.deb
      MD5 checksum: cc5f223311f462895e56cdf624a61367


  These files will be moved into
   ftp://ftp.debian.org/debian/dists/stable/*/binary-$arch/ soon.

For not yet released architectures please refer to the appropriate
directory  ftp://ftp.debian.org/debian/dists/sid/binary-$arch/ .

----------------------------------------------------------------------------
For apt-get: deb  https://security.debian.org/ stable/updates main
For dpkg-ftp:  ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
Package info: `apt-cache show ' and  https://packages.debian.org/