Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

Fedora 9 R 2.7.2 Moderate Advisory: Unsafe Temp Directory Issue

fedora
Calendar Grey September 10, 2008
Dist Fedora Esm H88
The R version 2.7.2 update improves the security of temp directory management within the javareconf script specifically for Fedora 9.
Update to R 2.7.2, also fixes security issue with unsafe temp directory handling in javareconf script.

Summary

A language and environment for statistical computing and graphics.

R is similar to the award-winning S system, which was developed at

Bell Laboratories by John Chambers et al. It provides a wide

variety of statistical and graphical techniques (linear and

nonlinear modelling, statistical tests, time series analysis,

classification, clustering, ...).

R is designed as a true computer language with control-flow

constructions for iteration and alternation, and it allows users to

add additional functionality by defining new functions. For

computationally intensive tasks, C, C++ and Fortran code can be linked

and called at run time.

Update Information:

Update to R 2.7.2, also fixes security issue with unsafe temp directory handling in javareconf script.

Topics%20covered

Topics Covered

security advisory moderate security issue Fedora javareconf R unsafe temp directory

Change Log

* Fri Aug 29 2008 Tom "spot" Callaway 2.7.2-1 - update to 2.7.2 - fix spec for alpha compile (bz 458931) - fix security issue in javareconf script (bz 460658) * Mon Jul 7 2008 Tom "spot" Callaway 2.7.1-1 - update to 2.7.1 * Wed May 28 2008 Tom "spot" Callaway 2.7.0-5 - add cairo-devel to BR/R, so that cairo backend gets built * Wed May 21 2008 Tom "spot" Callaway 2.7.0-4 - fixup sed invocation added in -3 - make -devel package depend on base R = version-release - fix bad paths in package html files * Wed May 21 2008 Tom "spot" Callaway 2.7.0-3 - fix poorly constructed file paths in html/packages.html (bz 442727) * Tue May 13 2008 Tom "spot" Callaway 2.7.0-2 - add patch from Martyn Plummer to avoid possible bad path hardcoding in /usr/bin/Rscript - properly handle ia64 case (bz 446181) * Mon Apr 28 2008 Tom "spot" Callaway 2.7.0-1 - update to 2.70 - rcompgen is no longer a standalone package - redirect javareconf to /dev/null (bz 442366)

References


[ 1 ] Bug #460658 - R: Insecure auxiliary /tmp file usage (symlink attack possible) https://bugzilla.redhat.com/show_bug.cgi?id=460658

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update R' at the command line. For more information, refer to "Managing Software with yum", available at .

Name: R
Product: Fedora 9
Version: 2.7.2
Release: 1.fc9
URL: https://www.r-project.org/
Summary: A language for data analysis and graphics

Topics%20covered

Topics Covered

security advisory moderate security issue Fedora javareconf R unsafe temp directory

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here