Insecure temporary file use in OCAL code
Bug #191847 reported by Lubomir Rintel
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
Inkscape | Fix Released | Medium | Kees Cook | |
inkscape (Fedora) | Fix Released | Low | | |
Bug Description
Here are the patches:
This one is ugly. Pardon me, I never wrote C++ code longer than three lines before.
If someone uses "Mentor someone fixing this bug" I'd be very happy.
http://
This one is not as ugly as the first. It also contains a workaround for bug #179326
http://
Changed in inkscape: milestone: none → 0.46
Changed in inkscape: status: Unknown → Confirmed
Changed in inkscape: status: Confirmed → Fix Released
Changed in inkscape (Fedora): importance: Unknown → Low
Description of problem:
Inkscape uses predictable names for OCAL feed's and thumbnails' temporary files,
which make it possible for a local attacker to overwrite files via symlink attack.
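
The weakness described in this report, as an added example that is not Inkscape's code or the submitted patches: opening a fixed temporary file name follows a symlink that already exists there, while `O_EXCL` or `mkstemp()` does not. The function names, the `ocal-feed` file names and the `/tmp` scratch location are assumptions made for illustration.

```cpp
// Added example, not Inkscape's code. Names and the /tmp location are assumptions.
#include <cstdio>
#include <cstdlib>
#include <fcntl.h>
#include <string>
#include <sys/stat.h>
#include <unistd.h>

// Weak pattern: fixed name, O_CREAT without O_EXCL. open() follows a symlink
// already present at `path` and truncates the file it points to.
int open_predictable(const std::string &path) {
    return open(path.c_str(), O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

// Hardened open for a caller-chosen name: O_EXCL fails with EEXIST if anything,
// including a dangling symlink, already exists at `path`.
int open_exclusive(const std::string &path) {
    return open(path.c_str(), O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

// Preferred: mkstemp() picks an unpredictable name and creates it exclusively.
int open_unpredictable(const std::string &dir, std::string &path_out) {
    std::string tmpl = dir + "/ocal-feed-XXXXXX";
    int fd = mkstemp(&tmpl[0]);
    if (fd >= 0) path_out = tmpl;
    return fd;
}

// Self-check in a private scratch directory: a constructed "protected" file is
// reachable through a symlink at the fixed name. Returns true if `opener`
// ended up truncating the protected file.
bool symlink_redirects(int (*opener)(const std::string &)) {
    std::string dir = "/tmp/ocal-demo-XXXXXX";
    if (!mkdtemp(&dir[0])) return false;
    std::string target = dir + "/protected", fixed = dir + "/ocal-feed.xml";
    int fd = open(target.c_str(), O_WRONLY | O_CREAT | O_EXCL, 0600);
    bool ok = fd >= 0 && write(fd, "data", 4) == 4;
    if (fd >= 0) close(fd);
    ok = ok && symlink(target.c_str(), fixed.c_str()) == 0;
    int tmp = ok ? opener(fixed) : -1;
    if (tmp >= 0) close(tmp);
    struct stat st;
    bool truncated = ok && stat(target.c_str(), &st) == 0 && st.st_size == 0;
    unlink(fixed.c_str()); unlink(target.c_str()); rmdir(dir.c_str());
    return truncated;
}

int main() {
    std::printf("predictable: %d, exclusive: %d\n", symlink_redirects(open_predictable), symlink_redirects(open_exclusive));
}
```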