Stay Secure with the Latest Linux Advisories

security advisoryfedoracritical

Fedora 9 xastir Security Advisory: Critical Insecure File Issue

Multiple insecure temporary file usage flaws were identified in the get-maptools.sh and get_shapelib.sh scripts shipped in xastir packages. As those scripts are not needed with Fedora-distributed xastir packages (they automate installation of libraries used by xastir, which are provided in the Fedora archive in the pre-packaged RPM format), they were removed.. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2008-7541 2008-09-05 10:50:44 --------------------------------------------------------------------------------Name : xastir Product : Fedora 9 Version : 1.9.2 Release : 9.fc9 URL : Summary : Amateur Station Tracking and Reporting system for amateur radio Description : Xastir is a graphical application that interfaces HAM radio and internet access to realtime mapping software. Install XASTIR if you are interested in APRS(tm) and HAM radio software. --------------------------------------------------------------------------------Update Information: Multiple insecure temporary file usage flaws were identified in the get-maptools.sh and get_shapelib.sh scripts shipped in xastir packages. As those scripts are not needed with Fedora-distributed xastir packages (they automate installation of libraries used by xastir, which are provided in the Fedora archive in the pre-packaged RPM format), they were removed. --------------------------------------------------------------------------------ChangeLog: * Thu Aug 28 2008 Lucian Langa - 1.9.2-9 - drop uneeded and potential risky files (bug #460429) * Thu Aug 28 2008 Lucian Langa - 1.9.2-8 - fix insecure auxiliary /tmp file usage bug #460429 * Tue Jul 8 2008 Lucian Langa - 1.9.2-7 - Rebuild against newer db4 headers/libs * Fri Jun 6 2008 Lucian Langa - 1.9.2-6 - Rebuild against gpsman, festival, Berkley DB, gdal * Sun May 18 2008 Lucian Langa - 1.9.2-5 - Patch for newer wgetsupport --------------------------------------------------------------------------------References: [ 1 ] Bug #460429 - xastir: Insecure auxiliary /tmp file usage (symlink attack possible) https://bugzilla.redhat.com/show_bug.cgi?id=460429 --------------------------------------------------------------------------------This update can be installed with the "yum" update program. Use su -c ''yum update xastir'' at the command line. For more information, refer to "Managing Software with yum", available at . All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ Fedora-package-announce mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./ . Several vulnerabilities involving insecure file handling discovered in xastir scripts for Fedora 9; users are advised to apply updates.. Fedora Update,xastir patch,insecure files,HAM radio,system security. . Severity: Critical. LinuxSecurity.com Team

Sep 10, 2008 •Critical Fedora