Debian: Important Cfengine Upgrade For Symlink Attack Risk
debian
December 13, 1999
The maintainer of Debian GNU/Linux cfengine package found a error
in the way cfengine handles temporary files when it runs the tidy
action on homedirectories, which makes it suspec...
Topics Covered
Summary
The maintainer of Debian GNU/Linux cfengine package found a error
in the way cfengine handles temporary files when it runs the tidy
action on homedirectories, which makes it suspectible to a symlink
attack. The author has been notified of the problem but has not
released a fix yet.
We recommend you upgrade your cfengine package immediately.
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
Debian GNU/Linux 2.0 alias hamm
This version of Debian was released only for the Intel and the
Motorola 680x0 architecture.
Source archives:
_1.4.9.orig.tar.gz
MD5 checksum: 9c952524f2ce0a3dae6728f63d28a3ce
.4.9-3.diff.gz
MD5 checksum: 9de13ab36791319a846f5d50248b8ed5
-3.dsc
MD5 checksum: 6d5f1d2c10ec0a0eeef07dd73244bb44
Intel architecture:
MD5 checksum: c935781e39141fdcc5b3e3e7a1b5ac7b
Motorola 680x0 architecture:
MD5 checksum: 8628802255c66796f8acd3fe1844bb0b
For not yet released architectures please refer to ...
PREVIOUS
NEXT
Severity
important
Lowest
Low
Medium
High
Critical
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!