Date: Fri, 15 Dec 2000 11:46:12 -0200
Subject: [CLA-2000:359-2] Conectiva Linux Security Announcement -
CONECTIVA LINUX SECURITY ANNOUNCEMENT
PACKAGE : ed
SUMMARY : Insecure temporary file handling
DATE : 2000-12-15 11:27:00
ID : CLA-2000:359-2
RELEASES : 4.0, 4.0es, 4.1, 4.2, 5.0, 5.1, 6.0
The "ed" editor creates temporary files in an insecure way, making
it vulnerable to symlink attacks.
The download links do the updated packages in the previous
announcement (CLA-2000:359) were incorrectly pointing to PAM
packages. This has now been fixed. We would like to thank Leonardo
Dias for reporting the error to us.
All users of the "ed" program should upgrade.
ADDITIONAL INSTRUCTIONS Users of Conectiva Linux version 6.0 or
higher may use apt to perform upgrades:
- add the following line to /etc/apt/sources.list if it is not
there yet (you may also use linuxconf to do this):