From: EnGarde Secure Linux <security@guardiandigital.com>
Subject: [ESA-20010509-01] pine temporary file handling vulnerabilities
Date: Wed, 23 May 2001 17:18:28 -0400 (EDT)
+------------------------------------------------------------------------+
| EnGarde Secure Linux Security Advisory May 23, 2001 |
| http://www.engardelinux.org/ ESA-20010509-01 |
| |
| Package: pine |
| Summary: pine temporary file handling problems |
+------------------------------------------------------------------------+
EnGarde Secure Linux is a secure distribution of Linux that features
improved access control, host and network intrusion detection, Web
based secure remote management, complete e-commerce using AllCommerce,
and integrated open source security tools.
OVERVIEW
--------
There are various temporary file handling problems in the version of
pine which shipped with EnGarde Secure Linux version 1.0.1.
DETAIL
------
All versions of the pine email client and the pico text editor have
temporary file handling problems. Any local user can potentially
overwrite any file on the system, including those belonging to root.
These bugs have been fixed in this update.
There were also some non-security bugs in the pinepgp helper programs
which have been resolved with this updated package.
SOLUTION
--------
All users running pine should upgrade to the most recent version,
as outlined in this advisory. All updates can be found at:
ftp://ftp.engardelinux.org/pub/engarde/stable/updates/
http://ftp.engardelinux.org/pub/engarde/stable/updates/
To install the updated package, execute the command:
rpm -Uvh <filename>
To verify the signature of the updated packages, execute the command:
rpm -Kv <filename>
UPDATED PACKAGES
----------------
Source Packages:
SRPMS/pine-4.33-1.0.5.src.rpm
MD5 Sum: 42c27633af1ad224046dd098d5564eb5
Binary Packages:
i386/pine-4.33-1.0.5.i386.rpm
MD5 Sum: 6e2a3db38bd02ccf4ef60dfe8e343814
i686/pine-4.33-1.0.5.i686.rpm
MD5 Sum: 9c99552c6caa037594504cf2f3f3eea1
REFERENCES
----------
Guardian Digital's public key:
http://ftp.engardelinux.org/pub/engarde/ENGARDE-GPG-KEY
pine's official web site:
http://www.washington.edu/pine/
----------------------------------------------------------------------------
$Id: 2001.05.09-pine,v 1.1 2001/05/09 14:09:24 rwm Exp $
----------------------------------------------------------------------------
Author: Ryan W. Maple, <ryan@guardiandigital.com>>
Copyright 2001, Guardian Digital, Inc.
Web Webster has more than 20 years of writing and editorial experience in the tech sector. He’s written and edited news, demand generation, user-focused, and thought leadership content for business software solutions, consumer tech, and Linux Today, he edits and writes for a portfolio of tech industry news and analysis websites including webopedia.com, and DatabaseJournal.com.
LinuxToday is a trusted, contributor-driven news resource supporting all types of Linux users. Our thriving international community engages with us through social media and frequent content contributions aimed at solving problems ranging from personal computing to enterprise-level IT operations. LinuxToday serves as a home for a community that struggles to find comparable information elsewhere on the web.
Property of TechnologyAdvice. © 2025 TechnologyAdvice. All Rights Reserved
Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.