Date: Tue, 3 Oct 2000 11:28:02 -0300
Subject: Conectiva Linux Security Announcement - gnorpm
CONECTIVA LINUX SECURITY ANNOUNCEMENT
PACKAGE : gnorpm
SUMMARY : Insecure use of /tmp
DATE : 2000-10-03 11:27:00
RELEASES : 4.0, 4.0es, 4.1, 4.2, 5.0, prg gráficos, ecommerce, 5.1
Gnorpm versions prior to 0.95 use files in the /tmp dir in an
insecure manner. If gnorpm is run as root, this vulnerability could
lead to any file on the system being overwritten by gnorpm.
All gnorpm users should upgrade. The updated package also fixes
many other bugs besides the security problem. Different files are
needed depending on the version of the distribution. Please check
the URLs below for your specific version. Versions below 5.1 will
also need to update the RPM package. This must be the first package
to be updated. After it is installed, please run the following
command as root:
After this the other packages can be upgraded as usual.
We would like to thank Alan Cox for detecting the problem and
making a new version available.
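
Added example, not part of the advisory and not gnorpm's code: the advisory gives no detail of the flaw, so this assumes the common form of insecure /tmp use, a predictable file name opened without exclusive creation, and shows it beside a hardened open. The names open_unsafe, open_safe, demo and app.tmp are hypothetical, and the whole test runs inside a private directory it creates itself.

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700   /* mkdtemp, symlink, O_NOFOLLOW */
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Unsafe pattern: predictable name, follows symlinks, truncates what it finds. */
static int open_unsafe(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* Hardened: O_EXCL fails if the name already exists (a symlink counts),
 * so the program only ever writes to a file it created itself. */
static int open_safe(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

/* Builds a private sandbox holding a "protected" file and a pre-existing
 * symlink at the predictable temp name, opens the temp name, and returns
 * the protected file's size afterwards (0 = clobbered, -2 = setup error). */
static long demo(int hardened) {
    char dir[] = "/tmp/tmpdemo.XXXXXX";
    char target[64], tmpname[64];
    struct stat st;
    long size = -2;
    FILE *f; int fd;
    if (!mkdtemp(dir)) return -2;
    snprintf(target, sizeof target, "%s/protected", dir);
    snprintf(tmpname, sizeof tmpname, "%s/app.tmp", dir);
    if ((f = fopen(target, "w")) != NULL) {
        fputs("important\n", f);        /* constructed sample data, 10 bytes */
        fclose(f);
        if (symlink(target, tmpname) == 0) {
            fd = hardened ? open_safe(tmpname) : open_unsafe(tmpname);
            if (fd >= 0) close(fd);
            if (stat(target, &st) == 0) size = (long)st.st_size;
        }
    }
    unlink(tmpname); unlink(target); rmdir(dir);
    return size;
}

int main(void) {
    printf("unsafe: %ld bytes left, hardened: %ld bytes left\n", demo(0), demo(1));
    return 0;
}
```

In real code, mkstemp(3) gives the same exclusive-creation guarantee and also picks an unpredictable name.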