Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -6 articles for you...
91
security advisorygentootemp file issueGentoo: GLSA-200611-23 Normal: Mono Security Flaw in Temp File Management
Mono is vulnerable to linking attacks, potentially allowing a local user to overwrite arbitrary files.. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200611-23 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Mono: Insecure temporary file creation Date: November 28, 2006 Bugs: #150264 ID: 200611-23 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= Mono is vulnerable to linking attacks, potentially allowing a local user to overwrite arbitrary files. Background ========= Mono provides the necessary software to develop and run .NET client and server applications. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-lang/mono < 1.1.13.8.1 > = 1.1.13.8.1 Description ========== Sebastian Krahmer of the SuSE Security Team discovered that the System.CodeDom.Compiler classes of Mono create temporary files with insecure permissions. Impact ===== A local attacker could create links in the temporary file directory, pointing to a valid file somewhere on the filesystem. When an affected class is called, this could result in the file being overwritten with the rights of the user running the script. Workaround ========= There is no known workaround at this time. Resolution ========= All Mono users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose "> =dev-lang/mono-1.1.13.8.1" References ========= [ 1 ] CVE-2006-5072 https://www.cve.org/CVERecord?id=CVE-2006-5072 Availability =========== ThisGLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/200611-23 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to
Nov 28, 2006
Gentoo
91
security advisorygentoooverwrite riskGentoo GLSA 200509-21 Normal: Hylafax File Overwrite Risk
Hylafax is vulnerable to linking attacks, potentially allowing a local user to overwrite arbitrary files.. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200509-21 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Hylafax: Insecure temporary file creation in xferfaxstats script Date: September 30, 2005 Bugs: #106882 ID: 200509-21 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= Hylafax is vulnerable to linking attacks, potentially allowing a local user to overwrite arbitrary files. Background ========= Hylafax is a client-server fax package for class 1 and 2 fax modems. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-misc/hylafax < 4.2.2 *> = 4.2.0-r3 *> = 4.2.1-r2 > = 4.2.2 Description ========== Javier Fernandez-Sanguino has discovered that xferfaxstats cron script supplied by Hylafax insecurely creates temporary files with predictable filenames. Impact ===== A local attacker could create symbolic links in the temporary file directory, pointing to a valid file somewhere on the filesystem. When the xferfaxstats script of Hylafax is executed, this would result in the file being overwritten with the rights of the user running the script, which typically is the root user. Workaround ========= There is no known workaround at this time. Resolution ========= All Hylafax users should upgrade to the latestversion: # emerge --sync # emerge --ask --oneshot --verbose net-misc/hylafax References ========= [ 1 ] Original bug report Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/200509-21 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to
Sep 30, 2005
Gentoo
91
security advisoryupdategentooGentoo: 200508-19 Normal: Lm_sensors Linking Vulnerability Alert
lm_sensors is vulnerable to linking attacks, potentially allowing a local user to overwrite arbitrary files.. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200508-19 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: lm_sensors: Insecure temporary file creation Date: August 30, 2005 Bugs: #103568 ID: 200508-19 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= lm_sensors is vulnerable to linking attacks, potentially allowing a local user to overwrite arbitrary files. Background ========= lm_sensors is a software package that provides drivers for monitoring the temperatures, voltages, and fans of Linux systems with hardware monitoring devices. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 sys-apps/lm_sensors < 2.9.1-r1 > = 2.9.1-r1 Description ========== Javier Fernandez-Sanguino Pena has discovered that lm_sensorsinsecurely creates temporary files with predictable filenames when saving configurations. Impact ===== A local attacker could create symbolic links in the temporary file directory, pointing to a valid file somewhere on the filesystem. When the pwmconfig script of lm_sensors is executed, this would result in the file being overwritten with the rights of the user running the script, which typically is the root user. Workaround ========= There is no known workaround at this time. Resolution ========= All lm_sensors users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=sys-apps/lm_sensors-2.9.1-r1" References ========= [ 1 ] CAN-2005-2672 https://www.cve.org/CVERecord?id=CAN-2005-2672 Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/200508-19 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to
Aug 30, 2005
Gentoo
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!