
Fedora 8 R: 2.7.2 Critical: javareconf Temp Directory Issue

September 10, 2008
Fedora 8 R 2.7.2 patch resolves insecure temp folder vulnerability in javareconf script. Important security update included.

Summary

A language and environment for statistical computing and graphics. R is similar to the award-winning S system, which was developed at Bell Laboratories by John Chambers et al. It provides a wide variety of statistical and graphical techniques (linear and nonlinear modelling, statistical tests, time series analysis, classification, clustering, ...).

R is designed as a true computer language with control-flow constructions for iteration and alternation, and it allows users to add additional functionality by defining new functions. For computationally intensive tasks, C, C++ and Fortran code can be linked and called at run time.

Update Information:

Update to R 2.7.2, also fixes security issue with unsafe temp directory handling in javareconf script.

Change Log

* Fri Aug 29 2008 Tom "spot" Callaway 2.7.2-1
- update to 2.7.2
- fix spec for alpha compile (bz 458931)
- fix security issue in javareconf script (bz 460658)

* Mon Jul 7 2008 Tom "spot" Callaway 2.7.1-1
- update to 2.7.1

* Wed May 28 2008 Tom "spot" Callaway 2.7.0-5
- add cairo-devel to BR/R, so that cairo backend gets built

* Wed May 21 2008 Tom "spot" Callaway 2.7.0-4
- fixup sed invocation added in -3
- make -devel package depend on base R = version-release
- fix bad paths in package html files

* Wed May 21 2008 Tom "spot" Callaway 2.7.0-3
- fix poorly constructed file paths in html/packages.html (bz 442727)

* Tue May 13 2008 Tom "spot" Callaway 2.7.0-2
- add patch from Martyn Plummer to avoid possible bad path hardcoding in /usr/bin/Rscript
- properly handle ia64 case (bz 446181)

* Mon Apr 28 2008 Tom "spot" Callaway 2.7.0-1
- update to 2.70
- rcompgen is no longer a standalone package
- redirect javareconf to /dev/null (bz 442366)

* Fri Feb 8 2008 Tom "spot" Callaway 2.6.2-1
- properly version the items in the VR bundle
- 2.6.2
- don't use setarch for java setup
- fix R post script file

* Thu Jan 31 2008 Tom "spot" Callaway 2.6.1-4
- multilib handling (thanks Martyn Plummer)
- Update indices in the right place.

* Mon Jan 7 2008 Tom "spot" Callaway 2.6.1-3
- move INSTALL back into R main package, as it is useful without the other -devel bits (e.g. installing noarch package from CRAN)

* Tue Dec 11 2007 Tom "spot" Callaway 2.6.1-2
- based on changes from Martyn Plummer
- use configure options rdocdir, rincludedir, rsharedir
- use DESTDIR at installation
- remove obsolete generation of packages.html
- move header files and INSTALL R-devel package

* Mon Nov 26 2007 Tom "spot" Callaway 2.6.1-1
- bump to 2.6.1

References


[ 1 ] Bug #460658 - R: Insecure auxiliary /tmp file usage (symlink attack possible) https://bugzilla.redhat.com/show_bug.cgi?id=460658
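
The bug class named in the reference above (a predictable file under a shared temp directory that a redirect writes through when a symlink already sits there), next to two standard ways a shell script avoids it, as an added example. This is not the javareconf script or the Fedora patch; the function names and the `jrprobe` file name are hypothetical.

```shell
# Added example; names are hypothetical and not taken from javareconf.

# UNSAFE: fixed, guessable name in a shared directory. A plain ">" follows
# whatever already sits at that path, including a symlink.
write_predictable() {   # $1 = shared dir, $2 = data
    printf '%s\n' "$2" > "$1/jrprobe.out"
}

# HARDENED (1): private scratch directory with an unpredictable name.
# mktemp -d creates it atomically, owner-only, and fails on a name clash.
make_private_dir() {    # $1 = parent dir; prints the new directory path
    mktemp -d "$1/jrprobe.XXXXXXXX"
}

# HARDENED (2): if a fixed name cannot be avoided, refuse to write through
# anything that already exists. noclobber (set -C) makes ">" fail on an
# existing file or symlink instead of truncating the target.
write_exclusive() {     # $1 = file path, $2 = data
    ( set -C; printf '%s\n' "$2" > "$1" ) 2>/dev/null
}

# Self-check on a constructed sandbox: returns 0 when the hardened writer
# leaves the target of a pre-existing symlink untouched.
selfcheck() {
    sandbox=$(mktemp -d) || return 1
    printf 'original\n' > "$sandbox/target"
    ln -s "$sandbox/target" "$sandbox/jrprobe.out"
    if write_exclusive "$sandbox/jrprobe.out" "new data"; then rc=1; else rc=0; fi
    [ "$(cat "$sandbox/target")" = "original" ] || rc=1
    rm -rf "$sandbox"
    return "$rc"
}
```

Files created inside the directory returned by `make_private_dir` need no further symlink checks, because no other unprivileged user can create entries there.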

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update R' at the command line. For more information, refer to "Managing Software with yum", available at .

Severity
critical

Name: R
Product: Fedora 8
Version: 2.7.2
Release: 1.fc8
Summary: A language for data analysis and graphics
