Scientific Linux 4.x Low: ccs CVE-2008-6552 Security Update

Date: Thu, 24 Feb 2011 13:45:58 -0600
Reply-To: Troy Dawson 
Sender: Security Errata for Scientific Linux
 
From: Troy Dawson 
Subject: Security ERRATA Low: ccs on SL4.x i386/x86_64
Comments: To: "This email address is being protected from spambots. You need JavaScript enabled to view it."
 

Synopsis:	Low: ccs security update
Issue date:	2011-02-16
CVE Names:	CVE-2008-6552

An insecure temporary file use flaw was found in ccs_tool. A local
attacker could use this flaw to conduct a symbolic link attack, allowing
them to overwrite (with the output of ccs_tool) an arbitrary file
writable by the victim running ccs_tool. (CVE-2008-6552)

SL 4.x

 SRPMS:
ccs-1.0.13-2.src.rpm
 i386:
ccs-1.0.13-2.i686.rpm
ccs-devel-1.0.13-2.i686.rpm
 x86_64:
ccs-1.0.13-2.x86_64.rpm
ccs-devel-1.0.13-2.x86_64.rpm

-Connie Sieh
-Troy Dawson