Comment 2 for bug 9816

Debian Bug Importer (debzilla) wrote :

Message-ID: <email address hidden>
Date: Mon, 1 Nov 2004 16:37:59 +0100
From: Martin Schulze <email address hidden>
To: <email address hidden>
Subject: CAN-2004-0972: Insecure temporary directory

Package: lvm10
Version: 1.0.8-7
Severity: grave
Tags: sarge, sid, patch, security

Trustix developers discovered insecure temporary file creation in a
supplemental script in the lvm10 package that didn't check for
existing temporary directories, allowing local users to overwrite
files via a symlink attack.

I'm attaching the patch we're using for the woody update.

Please let me know the version number of the fixed package. Please stick
the CVE Id from the subject to the changelog entry and upload with prio
set to high.

Regards,

 Joey

--
This is GNU/Linux Country. On a quiet night, you can hear Windows reboot.

Please always Cc to me when replying to me on the lists.
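
Added example, not part of the original message, the lvm10 script, or the attached patch: a sketch of the class of bug described above (temporary directory creation that does not check for an existing path) beside two hardened forms. The function names and the "lvmdemo" prefix are hypothetical, and the demo runs entirely inside a constructed sandbox directory.

```shell
#!/bin/sh
# Added example; all names here are hypothetical, not taken from lvm10.

# Unsafe pattern: predictable name, and "mkdir -p" succeeds silently when the
# path already exists, so a directory (or a symlink to one) created in advance
# by another local user is reused without any check.
make_tmpdir_unsafe() {
    base=$1
    dir="$base/lvmdemo.$$"
    mkdir -p "$dir" && printf '%s\n' "$dir"
}

# Hardened pattern: mktemp -d chooses an unpredictable name and creates the
# directory atomically, failing rather than reusing an existing path.
make_tmpdir_safe() {
    base=$1
    (umask 077 && mktemp -d "$base/lvmdemo.XXXXXXXXXX")
}

# Fallback without mktemp: plain mkdir (no -p) fails with EEXIST if the name
# exists in any form, including as a symlink, so the caller can abort.
make_tmpdir_checked() {
    base=$1
    dir="$base/lvmdemo.$$"
    (umask 077 && mkdir "$dir") 2>/dev/null || return 1
    printf '%s\n' "$dir"
}

# Constructed demo: a sandbox stands in for /tmp, and "other" stands in for a
# directory the script's user never meant to write into.
run_demo() {
    sandbox=$(mktemp -d) || return 1
    mkdir "$sandbox/other"
    ln -s "$sandbox/other" "$sandbox/lvmdemo.$$"   # name already taken
    echo "unsafe : $(make_tmpdir_unsafe "$sandbox") (existing symlink reused)"
    make_tmpdir_checked "$sandbox" >/dev/null ||
        echo "checked: refused, name already exists"
    echo "safe   : $(make_tmpdir_safe "$sandbox")"
    rm -rf "$sandbox"
}
run_demo
```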