Debian: New noweb packages fix insecure temporary file creation
Summary
- --------------------------------------------------------------------------Debian Security Advisory DSA 968-1 security@debian.org http://www.debian.org/security/ Martin Schulze February 13th, 2006 http://www.debian.org/security/faq - --------------------------------------------------------------------------Package : noweb Vulnerability : insecure temporary file Problem type : local Debian-specific: no CVE ID : CVE-2005-3342 Javier Fern�ndez-Sanguino Pe�a from the Debian Security Audit project discovered that a script in noweb, a web like literate-programming tool, creates a temporary file in an insecure fashion. For the old stable distribution (woody) this problem has been fixed in version 2.9a-7.4. For the stable distribution (sarge) this problem has been fixed in version 2.10c-3.2. For the unstable distribution (sid) this problem has been fixed in version 2.10c-3.2. We recommend that you upgrade your nowebm package. Upgrade Instructions - --------------------wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 3.0 alias woody - -------------------------------- Source archives: Size/MD5 checksum: 607 bf3b668844d776f0a6407b0d101387c8 Size/MD5 checksum: 41695 7b801aef10ce6464b1877d17975f82a4 Size/MD5 checksum: 687372 1096b16aaa281a97e269eb5d80236296 Alpha architecture: Size/MD5 checksum: 1339666 ead77005297d67d7edbae25beb36a3c1 ARM architecture: Size/MD5 checksum: 1061550 0bf9e6154471326e6d075ff1de8377d6 Intel IA-32 architecture: Size/MD5 checksum: 964162 d825f5232dc13f83f64e7c7c7a1da1d5 HP Precision architecture: Size/MD5 checksum: 1257692 ca737693fa77c65177318945ef0ebb21 Motorola 680x0 architecture: Size/MD5 checksum: 920590 9a2e3e06262ccbcf8f5a4d2c9a86a7d5 Big endian MIPS architecture: Size/MD5 checksum: 1145392 08e92aef2a6dd4266b55a8daed3277b2 Little endian MIPS architecture: Size/MD5 checksum: 1142188 9a97dbda4c8451ceeabaa89e3d27ea14 PowerPC architecture: Size/MD5 checksum: 1063836 2b752a9a33a3cdde5bd638cb1ce29301 IBM S/390 architecture: Size/MD5 checksum: 984310 659e07e3b2b1be956b97f6eab9afa478 Sun Sparc architecture: Size/MD5 checksum: 1094822 31bad539ee4c6cca00a982a168cd8e31 Debian GNU/Linux 3.1 alias sarge - -------------------------------- Source archives: Size/MD5 checksum: 613 caa2eea783c5422d9228b21d0336d15c Size/MD5 checksum: 11237 5b3d362fb1c1bac5c547969fed01a6a3 Size/MD5 checksum: 712332 30bbacf1fb2a402410e5ad2fb600d9fc Alpha architecture: Size/MD5 checksum: 538598 08451e42ced3107985de6175e579796a AMD64 architecture: Size/MD5 checksum: 535386 973680293dc7b0e778bcbb25db41a0b1 ARM architecture: Size/MD5 checksum: 519836 9845b6c4fd1d774393bc1a502a9c94fb Intel IA-32 architecture: Size/MD5 checksum: 516632 1cb91db43945c118f9f66b48ed2e6daa Intel IA-64 architecture: Size/MD5 checksum: 552976 29019df9ab966e815ddf02abbaa20e91 HP Precision architecture: Size/MD5 checksum: 525442 b6cfdbb4482a73bedc16156d141e1c09 Motorola 680x0 architecture: Size/MD5 checksum: 520616 9ed973c5d96aff4e3b20a437a9228ef3 Big endian MIPS architecture: Size/MD5 checksum: 532836 947e80ca3fae44b4152314d5433d92d6 Little endian MIPS architecture: Size/MD5 checksum: 530754 095d4a98e980b8085c5c91599e69975b PowerPC architecture: Size/MD5 checksum: 522700 f8828ede194357d5f7e062aa172c8cb7 IBM S/390 architecture: Size/MD5 checksum: 524992 b5aa4136babd2b29b37c1c899e65428c Sun Sparc architecture: Size/MD5 checksum: 522776 4d8491cba2d49a6ec196d0241ac1b840 These files will probably be moved into the stable distribution on its next update. - ---------------------------------------------------------------------------------For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org
Sign up to get the latest security news affecting Linux and
open source delivered straight to your inbox
Powered By
Linux Security - Your source for Top Linux News, Advisories, HowTo's and Feature Release.