diff -Nru /tmp/AlMjyGsLhj/fireflier-1.1.6/changelog /tmp/XMThVibZue/fireflier-1.1.6/changelog --- /tmp/AlMjyGsLhj/fireflier-1.1.6/changelog 2005-12-17 17:31:20.000000000 +0100 +++ /tmp/XMThVibZue/fireflier-1.1.6/changelog 2007-07-08 00:30:19.000000000 +0200 @@ -1,3 +1,14 @@ +fireflier (1.1.6-2ubuntu0.6.06) dapper-security; urgency=low + + * SECURITY UPDATE: Unsafe tmp file handling + * Patch taken from fireflier 1.1.6-3etch1: + Fix the unsafe usage of temporary files, allowing arbitary file deletion. + * References: + DSA-1326 + CVE-2007-2837 + + -- Michael Bienia Sun, 08 Jul 2007 00:30:10 +0200 + fireflier (1.1.6-2build1) dapper; urgency=low * Rebuild KDE universe for libstdc++ transition diff -Nru /tmp/AlMjyGsLhj/fireflier-1.1.6/debian/changelog /tmp/XMThVibZue/fireflier-1.1.6/debian/changelog --- /tmp/AlMjyGsLhj/fireflier-1.1.6/debian/changelog 2005-12-17 17:31:20.000000000 +0100 +++ /tmp/XMThVibZue/fireflier-1.1.6/debian/changelog 2007-07-08 00:30:19.000000000 +0200 @@ -1,3 +1,14 @@ +fireflier (1.1.6-2ubuntu0.6.06) dapper-security; urgency=low + + * SECURITY UPDATE: Unsafe tmp file handling + * Patch taken from fireflier 1.1.6-3etch1: + Fix the unsafe usage of temporary files, allowing arbitary file deletion. + * References: + DSA-1326 + CVE-2007-2837 + + -- Michael Bienia Sun, 08 Jul 2007 00:30:10 +0200 + fireflier (1.1.6-2build1) dapper; urgency=low * Rebuild KDE universe for libstdc++ transition diff -Nru /tmp/AlMjyGsLhj/fireflier-1.1.6/debian/fireflier-server.init /tmp/XMThVibZue/fireflier-1.1.6/debian/fireflier-server.init --- /tmp/AlMjyGsLhj/fireflier-1.1.6/debian/fireflier-server.init 2005-09-09 16:06:20.000000000 +0200 +++ /tmp/XMThVibZue/fireflier-1.1.6/debian/fireflier-server.init 2007-07-08 00:17:27.000000000 +0200 @@ -20,9 +20,18 @@ exit 0 fi +# make sure we have a secure directory to make temporary files in. +function maketmpdir() { + if [ ! -d /var/run/fireflier ]; then + mkdir /var/run/fireflier + fi + chmod 0700 /var/run/fireflier +} + case "$1" in start) echo -n "Starting fireflier server: $NAME" + maketmpdir modprobe ip_queue start-stop-daemon --start --background --make-pidfile --pidfile $PIDFILE --exec $DAEMON ;; diff -Nru /tmp/AlMjyGsLhj/fireflier-1.1.6/server/rules.cpp /tmp/XMThVibZue/fireflier-1.1.6/server/rules.cpp --- /tmp/AlMjyGsLhj/fireflier-1.1.6/server/rules.cpp 2005-09-09 16:06:20.000000000 +0200 +++ /tmp/XMThVibZue/fireflier-1.1.6/server/rules.cpp 2007-07-08 00:14:49.000000000 +0200 @@ -409,13 +409,13 @@ // create file with output of iptables (I use this as it is easier than using libiptc // and iptables itself should work more reliable than implementing this functionality myself) - strcpy(cmd, "rm -f /tmp/fireflier.rules && touch /tmp/fireflier.rules && chmod 0700 /tmp/fireflier.rules && "); + strcpy(cmd, "rm -f /var/run/fireflier/fireflier.rules && touch /var/run/fireflier/fireflier.rules && chmod 0700 /var/run/fireflier/fireflier.rules && "); strcat(cmd, IPTABLES[iptables_path]); - strcat(cmd, " -v -L -n --line-numbers > /tmp/fireflier.rules"); + strcat(cmd, " -v -L -n --line-numbers > /var/run/fireflier/fireflier.rules"); system(cmd); // should usually work - if (stat("/tmp/fireflier.rules", &filedes)==-1) + if (stat("/var/run/fireflier/fireflier.rules", &filedes)==-1) return 0; filesize=filedes.st_size; @@ -430,7 +430,7 @@ buffer[filesize]=0; // open rules file - if ((handle=open("/tmp/fireflier.rules", O_RDONLY))==-1) + if ((handle=open("/var/run/fireflier/fireflier.rules", O_RDONLY))==-1) return 0; if (read(handle, buffer, filesize)==-1) @@ -438,7 +438,7 @@ close(handle); // finally delete the rules file to clean up - unlink("/tmp/fireflier.rules"); + unlink("/var/run/fireflier/fireflier.rules"); return buffer; }