Debian: scrollkeeper tmp file vulnerability
Summary
Spybreak discovered a problem in scrollkeeper, a free electronic
cataloging system for documentation. The scrollkeeper-get-cl program
creates temporary files in an insecure manner in /tmp using guessable
filenames. Since scrollkeeper is called automatically when a user
logs into a Gnome session, an attacker with local access can easily
create and overwrite files as another user.
This problem has been fixed in version 0.3.6-3.1 for the current
stable distribution (woody) and in version 0.3.11-2 for the unstable
distribution (sid). The old stable distribution (potato) is not
affected, since it doesn't contain the scrollkeeper package.
We recommend that you upgrade your scrollkeeper packages immediately.
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 3.0 alias woody
Source archives:
Size/MD5 checksum: 761 f0ab585dd23c31804f94c9a97c4c3d8d
Size/MD5 checksum: 72068 889445a036c7b618e87a7e23aca5f641
Size/MD5 checksum: 405812 6500ce56d6926443fc8c15f37c79aa0a
Alpha architecture:
Size/MD5 checksum: 18446 471e49dab7c97860af932c3a09639c04
Size/MD5 checksum: 88266 e6e04bcd74a54a7196113d791205029a
Size/MD5 checksum: 82398 033f27b836ffaf8f08f36177f8253651
ARM architecture:
Size/MD5 checksum: 13412 6425afd69256a6333748d30d346e3482
Size/MD5 checksum: 86326 e50819ee737f344459e6ec6b9ddbf5d6
Size/MD5 checksum: 78352 bde15d75ee4ff34314c897ab61e2c55b
Intel IA-32 architecture:
Size/MD5 checksum: 12282 69e797d0c3e5e87bf59411f3b9416062
Size/MD5 checksum: 85814 c2124cd6d3528ec36d05c7bfe1a99a07
Size/MD5 checksum: 78818 a7e536042ebad89ed21fb27dcf41fc8f
Intel IA-64 architecture:
Size/MD5 checksum: 18888 13604ae70ee15f87d708806c5de55e2a
Size/MD5 checksum: 93456 d9b42065cfcdd6b8b284b18505b06f07
Size/MD5 checksum: 84730 54d3894395f4298f247cec050c18ac5e
HP Precision architecture:
Size/MD5 checksum: 17086 deadc423ce2455865656a3ea33914425
Size/MD5 checksum: 88734 61ebf5f9dcffd70b15600f811a19c0b4
Size/MD5 checksum: 80562 00a782bf063d4427e38d72de655985e1
Motorola 680x0 architecture:
Size/MD5 checksum: 12066 dc7607140883648fdd3b425301cf9163
Size/MD5 checksum: 85998 d93a48006aa2ed9b44927d6641802182
Size/MD5 checksum: 78362 2af3cf86241f588f94a4cde333ecf2f4
Big endian MIPS architecture:
Size/MD5 checksum: 15956 cc2e36432ec953056d108c8579193758
Size/MD5 checksum: 86102 09d6dd555e2a25ed352e7744e2eff1c9
Size/MD5 checksum: 79290 14e96a71b680fcc5ce5444152fb6359d
Little endian MIPS architecture:
Size/MD5 checksum: 16008 c9ef5a7a29cfd246f87890333bad1e07
Size/MD5 checksum: 85978 7b35ce0248eaf5b8ba49a321cf110f24
Size/MD5 checksum: 79144 9f1516c111cda395d16e90c9483cdda9
PowerPC architecture:
Size/MD5 checksum: 15294 b3333f4be631fe8a97682e5223e07f18
Size/MD5 checksum: 87168 971f19bc3c3794ef79a81da9ba4ef38d
Size/MD5 checksum: 79056 b9832303c7bdcf69cefc9d34a6fe1fb9
IBM S/390 architecture:
Size/MD5 checksum: 12718 4f1be77aab7f2e5cc0931e7bdfc812c3
Size/MD5 checksum: 86248 a2a24819fe422346952b9798b40a110e
Size/MD5 checksum: 79796 cb948cba0731dfb6906c12b6f7e98a80
Sun Sparc architecture:
Size/MD5 checksum: 13238 58b8da744d314f15b3f2291d8e528baa
Size/MD5 checksum: 86094 b0096bef6320d2a8dc4090d6e40cb523
Size/MD5 checksum: 82830 47b6895582d7be37526fd17a3816469a
These files will probably be moved into the stable distribution on
its next revision.
For apt-get: deb Debian -- Security Information stable/updates main
For dpkg-ftp: dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show
