Date: Fri, 15 Dec 2000 11:46:12 -0200
Subject: [CLA-2000:359-2] Conectiva Linux Security Announcement -
CONECTIVA LINUX SECURITY ANNOUNCEMENT
PACKAGE : ed
SUMMARY : Insecure temporary file handling
DATE : 2000-12-15 11:27:00
ID : CLA-2000:359-2
RELEASES : 4.0, 4.0es, 4.1, 4.2, 5.0, 5.1, 6.0
The "ed" editor creates temporary files in an insecure way, making
it vulnerable to symlink attacks.
The download links do the updated packages in the previous
announcement (CLA-2000:359) were incorrectly pointing to PAM
packages. This has now been fixed. We would like to thank Leonardo
Dias for reporting the error to us.
All users of the "ed" program should upgrade.
ADDITIONAL INSTRUCTIONS Users of Conectiva Linux version 6.0 or
higher may use apt to perform upgrades:
- add the following line to /etc/apt/sources.list if it is not
there yet (you may also use linuxconf to do this):
Some of the products that appear on this site are from companies from which QuinStreet receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. QuinStreet does not include all companies or all types of products available in the marketplace.