Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 534
Alerts This Week
Warning Icon 1 534

Red Hat RHSA-2001:110-05 Critical: Setserial Insecure Temp File Advisory

red hat
Calendar Grey September 26, 2001
Dist Redhat Esm H88
Investigating a critical flaw within the Red Hat setserial initialization script, which raises security issues due to the generation of predictable temporary files.

The initscript distributed with the setserial package (which is not installed or enabled by default) uses predictable temporary file names, and should not be used

Solution

Do not use the initscript supplied with setserial. To disable it, use the following command:

/sbin/chkconfig serial off

Alternatively, if your system needs manual adjustment of its serial port settings and you wish to have those adjustments re-applied automatically on boot, be sure to use a kernel that has non-modular serial port support, such as those supplied by Red Hat, Inc.

5. Bug IDs fixed ( for more info):



6. RPMs required:



7. Verification:

MD5 sum Package Name



These packages are GPG signed by Red Hat, Inc. for security. Our key is available at:

You can verify each package with the following command: rpm --checksig

If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command: rpm --checksig --nogpg

Summary

References

Bugzilla bug #52862, at: https://bugzilla.redhat.com/show_bug.cgi Copyright(c) 2000, 2001 Red Hat, Inc.

`

Package List


Severity
critical
Lowest
Low
Medium
High
Critical

Advisory ID: RHSA-2001:110-05
Issue date: 2001-09-12
Updated on: 2001-09-19
Product: Red Hat Linux
Keywords: setserial initscript temporary file
Cross references:
Obsoletes:
:

Topic

Relevant Releases Architectures

Bugs Fixed

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.