Bugtraqmailing list archives
[USN-49-1] debmake vulnerability
From: Martin Pitt <martin.pitt () canonical com>
Date: Thu, 23 Dec 2004 12:35:34 +0100
===========================================================Ubuntu Security Notice USN-49-1 December 23, 2004debmake vulnerabilityCAN-2004-1179===========================================================A security issue affects the following Ubuntu releases:Ubuntu 4.10 (Warty Warthog)The following packages are affected:debmakeThe problem can be corrected by upgrading the affected package toversion 3.7.4ubuntu0.1. In general, a standard system upgrade issufficient to effect the necessary changes.Details follow:Javier Fernández-Sanguino Peña noticed that the debstd script fromdebmake, a deprecated helper package for Debian packaging, createdtemporary directories in an insecure manner. This could allow asymlink attack to create or overwrite arbitrary files with theprivileges of the user invoking the program. Source archives:http://security.ubuntu.com/ubuntu/pool/main/d/debmake/debmake_3.7.4ubuntu0.1.dsc Size/MD5: 565 530fc54f928a366dfbec2188ac5bd2d7http://security.ubuntu.com/ubuntu/pool/main/d/debmake/debmake_3.7.4ubuntu0.1.tar.gz Size/MD5: 40185 4f465bc55202b85579283f0a6e48a07c Architecture independent packages:http://security.ubuntu.com/ubuntu/pool/main/d/debmake/debmake_3.7.4ubuntu0.1_all.deb Size/MD5: 44686 85d26bbc8e69cb24b8f3e6b5632f4814
Attachment:signature.asc
Description: Digital signature
Current thread:
- [USN-49-1] debmake vulnerabilityMartin Pitt (Dec 23)