From: Eridani Star System <linux@eridani.co.uk>
To: eridani-announce@eridani.co.uk
Subject: [Eridani-Announce] ERISA-2002:014 - sharutils
Date: Thu, 16 May 2002 23:24:44 +0100 (BST)

=========================================================================
ERIDANI LINUX - SECURITY ANNOUNCEMENT
=========================================================================
Package: sharutils
Summary: uudecode does not check its output file.
Date:    2002-05-16
ID:      ERISA-2002:014
=========================================================================
Problem description:

uudecode would blindly create its output file, without checking that it
was a pipe or a symbolic link. A local user could use uudecode to place
data in a shared directory such as /tmp, and through this the attacker
could overwrite files or gain extra privileges.
-------------------------------------------------------------------------
Updated packages:

25907291a66c65863cc35809c9910151  sharutils-4.2.1-3.src.rpm
87cb6269e5aa0f70a3776cfe6898cdcb  sharutils-4.2.1-3.i386.rpm
-------------------------------------------------------------------------
References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0178
=========================================================================
Packages available from ftp://ftp.eridani.co.uk/pub/Aeryn/
or by HTTP from http://ftp.eridani.co.uk/

Packages are signed with our GNU GPG key, also on our FTP site.

Users of releases of Eridani Linux prior to 6.3 are advised to download
the source RPM and rebuild for their system.

Copyright (C)2002 Eridani Star System

--
Michael "Soruk" McConnell                        http://www.eridani.co.uk
Eridani Linux -- The Most Up-to-Date Red Hat-based Linux CDROMs Available
Email: linux@eridani.co.uk  --  Also Debian, Slackware, Mandrake and more...

_______________________________________________
Eridani-Announce mailing list
To be removed from this list email linux@eridani.co.uk requesting removal.
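
The output-file check the advisory describes as missing, written out as an added example (this is not sharutils or Eridani code). The names `open_output_safely` and `selfcheck` are hypothetical, and the file, symlink and FIFO in a private temporary directory are constructed for the demonstration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper (not sharutils code): create the decoder's output file
 * only if the name is unused. With O_CREAT|O_EXCL, open() fails with EEXIST on
 * any existing entry, including a symlink or FIFO already present in a shared
 * directory, and never follows a symlink in the final path component. */
int open_output_safely(const char *path, mode_t mode)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, mode & 0666);
    if (fd < 0)
        return -1;
    struct stat st;                 /* defence in depth: verify the open fd */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) {
        close(fd);
        errno = EINVAL;
        return -1;
    }
    return fd;
}

/* Constructed scenario: a private temp dir holding a file, a symlink to it and
 * a FIFO. Returns 0 if both pre-existing names are refused, the file is left
 * untouched and a fresh name is created; otherwise the failing step number. */
int selfcheck(void)
{
    char dir[] = "/tmp/uudemoXXXXXX", victim[64], lnk[64], fifo[64], fresh[64];
    if (!mkdtemp(dir)) return 1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(lnk, sizeof lnk, "%s/out.txt", dir);
    snprintf(fifo, sizeof fifo, "%s/out.fifo", dir);
    snprintf(fresh, sizeof fresh, "%s/fresh.txt", dir);
    int v = open(victim, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (v < 0 || write(v, "keep", 4) != 4 || close(v) != 0) return 2;
    if (symlink(victim, lnk) != 0 || mkfifo(fifo, 0600) != 0) return 3;
    int rc = 0, fd;
    struct stat st;
    if (open_output_safely(lnk, 0644) >= 0) rc = 4;          /* symlink */
    else if (open_output_safely(fifo, 0644) >= 0) rc = 5;    /* pipe */
    else if (stat(victim, &st) != 0 || st.st_size != 4) rc = 6;
    else if ((fd = open_output_safely(fresh, 0644)) < 0) rc = 7;
    else close(fd);
    unlink(lnk); unlink(fifo); unlink(fresh); unlink(victim); rmdir(dir);
    return rc;
}
```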