Bash is the default shell used in a standard Conectiva Linux
installation. There is a vulnerability regarding the use of
"<<" redirectors. If used, the shell creates a temporary file
in /tmp with a predictable filename (the only variant is the PID).
Additionally, it was not being opened exclusively. This can be used
by an attacker to overwrite arbitrary files in the system. At least
one initialization script (rc.sysinit) uses "<<", and it is
run as root at boot time.
Users of Conectiva Linux version 6.0 or higher may use apt to
- add the following line to /etc/apt/sources.list if it is not
there yet (you may also use linuxconf to do this):
Some of the products that appear on this site are from companies from which QuinStreet receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. QuinStreet does not include all companies or all types of products available in the marketplace.