------------------------------------------------------------------------
Debian Security Advisory
http://www.debian.org/security/                         Wichert Akkerman
February 20, 2000
------------------------------------------------------------------------

Package: make
Vulnerability type: symlink attack
Debian-specific: no

The make package as shipped in Debian GNU/Linux 2.1 is vulnerable to a race condition that can be exploited with a symlink attack. make used mktemp while creating temporary files in /tmp, and that is a known potential security hole, as documented in the man page of mktemp.

This has been fixed in version 3.77-5slink. We recommend you upgrade your make package immediately.

wget url
    will fetch the file for you
dpkg -i file.deb
    will install the referenced file.

Debian GNU/Linux 2.1 alias slink
--------------------------------

This version of Debian was released only for Intel ia32, the Motorola 680x0, the alpha and the Sun sparc architecture.

Source archives:
    MD5 checksum: b8264b1f8579d810a6de5db634aeafe4
    MD5 checksum: 4cf0016add45fb2bb1986cdcf3df4df2
    MD5 checksum: 351d1492a17cd4b38f522037a2714a86

Alpha architecture:
    MD5 checksum: a253a6d897edbc163595dbedefbfd8bc

Intel ia32 architecture:
    MD5 checksum: 78367bf9f0d309d732eaa57bc9008462

Motorola 680x0 architecture:
    MD5 checksum: 678955fdde1a099db1ac7719e7026cbc

Sun Sparc architecture:
    MD5 checksum: 87b8ff54ca2f9c1113349da5cf591331

Architecture independent archive (for completeness):
    MD5 checksum: cb63706913f8202c52ead1031a8494dc

These files will be moved into soon.

For not yet released architectures please refer to the appropriate directory .

--
----------------------------------------------------------------------------
For apt-get: deb https://www.debian.org/security/ stable updates
For dpkg-ftp: dists/stable/updates

LinuxSecurity.com Team
Feb 21, 2000
•Important
Debian
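
The temporary-file race described in the advisory, shown beside the two atomic alternatives, as an added example (not code from make or from the Debian fix). It assumes a POSIX system with a writable /tmp; the file names and the function victim_size_after are constructed for illustration, and everything happens inside a private mkdtemp() directory.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

enum mode { PREDICTED_NAME, EXCLUSIVE_CREATE, MKSTEMP };

/* Returns the size of a pre-existing 4-byte file after a program writes its
 * "temporary" data while a symlink to that file already sits at the
 * predictable temp name. Returns -1 if the setup fails. */
long victim_size_after(enum mode m)
{
    char dir[] = "/tmp/tmpdemo.XXXXXX";
    char victim[64], guess[64], tmpl[64];
    struct stat st;
    int fd;

    if (!mkdtemp(dir)) return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(guess, sizeof guess, "%s/build.a01234", dir); /* constructed name */
    snprintf(tmpl, sizeof tmpl, "%s/build.XXXXXX", dir);
    fd = open(victim, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0 || write(fd, "keep", 4) != 4) return -1;
    close(fd);
    if (symlink(victim, guess) != 0) return -1; /* link exists before the open */

    if (m == PREDICTED_NAME)        /* name fixed earlier, plain open later */
        fd = open(guess, O_WRONLY | O_CREAT | O_TRUNC, 0600);
    else if (m == EXCLUSIVE_CREATE) /* EEXIST on any existing entry, links too */
        fd = open(guess, O_WRONLY | O_CREAT | O_EXCL, 0600);
    else                            /* name choice and O_EXCL create in one call */
        fd = mkstemp(tmpl);
    if (fd >= 0) {
        if (write(fd, "temp data", 9) != 9) return -1;
        close(fd);
    }
    if (stat(victim, &st) != 0) return -1;
    unlink(guess); unlink(victim);
    if (m == MKSTEMP) unlink(tmpl);
    rmdir(dir);
    return (long)st.st_size;
}

int main(void)
{
    printf("predicted=%ld excl=%ld mkstemp=%ld\n", victim_size_after(PREDICTED_NAME),
           victim_size_after(EXCLUSIVE_CREATE), victim_size_after(MKSTEMP));
    return 0;
}
```

With the predicted name the write follows the link and the existing file ends up holding the 9 bytes of temp data; with O_EXCL or mkstemp it keeps its original 4 bytes.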