Debian: 1.4-10 Critical Advisory For Elvis-Tiny Temp File Race Condition
debian
November 22, 2000
Topi Miettinen audited elvis-tiny and raised an issue covering the useand creation of temporary files.
Topics Covered
Summary
Topi Miettinen audited elvis-tiny and raised an issue covering the use
and creation of temporary files. Those files are created with a
predictable pattern and O_EXCL flag is not used when opening. This
makes users of elvis-tiny vulnerable to race conditions and/or data
lossage.
This problem has been fixed in version 1.4-10 and we recommend that
you upgrade your elvis-tiny packages immediately.
This problem does not exist in the big elvis package.
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
Debian GNU/Linux 2.1 alias slink
Slink is no longer being supported by the Debian Security Team. We
highly recommend an upgrade to the current stable release.
Debian GNU/Linux 2.2 alias potato
Potato was released for the Alpha, ARM, Intel ia32, Motorola 680x0,
PowerPC and Sun SPARC architectures. Fixes are available for all of
them and will be included in 2.2r2.
Source archives:
MD5 checksum: d9c3bac777d0981f7ff5e9348dc93a4d
...
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Package: elvis-tiny
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!