LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: October 24th, 2014
Linux Security Week: October 20th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Debian: New f2c packages fix insecure temporary files Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Debian Updated package.
- --------------------------------------------------------------------------
Debian Security Advisory DSA 661-2                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
April 20th, 2005                        http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : f2c
Vulnerability  : insecure temporary files
Problem-Type   : local
Debian-specific: no
CVE ID         : CAN-2005-0017

Dan McMahill noticed that our our advisory DSA 661-1 did not correct
the multiple insecure files problem, hence, this update.  For
completeness below is the original advisory text:

  Javier Fernández-Sanguino Peña from the Debian Security Audit project
  discovered that f2c and fc, which are both part of the f2c package, a
  fortran 77 to C/C++ translator, open temporary files insecurely and
  are hence vulnerable to a symlink attack.  The Common
  Vulnerabilities and Exposures project identifies the following
  vulnerabilities:

  CAN-2005-0017

      Multiple insecure temporary files in the f2c translator.

For the stable distribution (woody) and all others including testing
this problem has been fixed in version 20010821-3.2.

We recommend that you upgrade your f2c package.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/f/f2c/f2c_20010821-3.2.dsc
      Size/MD5 checksum:      519 9b2bb4378799e59604236b0b3ac9d071
    http://security.debian.org/pool/updates/main/f/f2c/f2c_20010821-3.2.diff.gz
      Size/MD5 checksum:    28846 2d49723d6a8e1ea4f67737dd031d34c0
    http://security.debian.org/pool/updates/main/f/f2c/f2c_20010821.orig.tar.gz
      Size/MD5 checksum:   416017 f2527aed84c8db35c883615c3b9b8511

  Alpha architecture:

    http://security.debian.org/pool/updates/main/f/f2c/f2c_20010821-3.2_alpha.deb
      Size/MD5 checksum:   524226 0f5c34632212482cf65bb34353e8a22d

  ARM architecture:

    http://security.debian.org/pool/updates/main/f/f2c/f2c_20010821-3.2_arm.deb
      Size/MD5 checksum:   470606 c6dd76b690a83e375f8c921d2b871b6e

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/f/f2c/f2c_20010821-3.2_i386.deb
      Size/MD5 checksum:   423136 d1d1523248bc0da3216c9361e3674b6c

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/f/f2c/f2c_20010821-3.2_ia64.deb
      Size/MD5 checksum:   678896 8f1fff444a7c3f19d0928b932c170b53

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/f/f2c/f2c_20010821-3.2_hppa.deb
      Size/MD5 checksum:   493478 add18234ac7c933ab0200fb31a085048

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/f/f2c/f2c_20010821-3.2_m68k.deb
      Size/MD5 checksum:   407490 4767c71a54b67e19d6039afa3e272f7b

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/f/f2c/f2c_20010821-3.2_mips.deb
      Size/MD5 checksum:   482944 8efcba5fae72fac7afdaa21985a24201

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/f/f2c/f2c_20010821-3.2_mipsel.deb
      Size/MD5 checksum:   481100 0f45588cacac79ee241319f4a83fcb42

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/f/f2c/f2c_20010821-3.2_powerpc.deb
      Size/MD5 checksum:   455566 1b8f4f055268a71e99bd39ecc952cbef

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/f/f2c/f2c_20010821-3.2_s390.deb
      Size/MD5 checksum:   446284 333d26b19a55a4b564ba927cd5e689db

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/f/f2c/f2c_20010821-3.2_sparc.deb
      Size/MD5 checksum:   467270 743a0e4974deed21925aba2900942338


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Disaster as CryptoWall encrypts US firm's entire server installation
Now Everyone Wants to Sell You a Magical Anonymity Router. Choose Wisely
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.