[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

DESA-2004-020 - lvm10: insecure temporary directory

- --------------------------------------------------------------------------
Debian-Edu/Skolelinux Security Advisory DESA 2004-020
http://www.skolelinux.no/security/                      Morten Werner Olsen
September 22, 2004              debian-edu-security@lists.alioth.debian.org
- --------------------------------------------------------------------------

Package             : lvm10
Vulnerability       : insecure temporary directory
Need reboot         : no
Debian-Edu-specific : no
CVE ID              : CAN-2004-0972
DSA ID              : DSA-583-1
DSA URL             : http://www.debian.org/security/2004/dsa-583

Trustix developers discovered insecure temporary file creation in a
supplemental script in the lvm10 package that didn't check for
existing temporary directories, allowing local users to overwrite
files via a symlink attack.

We recommend that you update your lvm10 package.

Upgrade Instructions
- --------------------

Make sure the line

  deb http://security.debian.org/ stable/updates main contrib non-free

is present in your /etc/apt/sources.list and run 'apt-get update' to
update your package lists. Then run

  'apt-get install lvm10'

to upgrade your lvm10 package.

- --------------------------------------------------------------------------
Mailing list: bruker@skolelinux.no, debian-edu@lists.debian.org,
              linuxiskolen@skolelinux.no, user@skolelinux.de
Package info: `apt-cache show <pkg>'

Attachment: signature.asc
Description: Digital signature

Reply to: