[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#521107: marked as done (unsafe /tmp usage)

Your message dated Sat, 05 Dec 2009 21:54:52 +0000
with message-id <E1NH2aa-0006rr-ED@ries.debian.org>
and subject line Bug#521107: fixed in xfs 1:1.0.8-2.2+lenny1
has caused the Debian Bug report #521107,
regarding unsafe /tmp usage
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org

521107: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=521107
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: xfs
Version: 1:1.0.8-2.1
Severity: normal
Tags: security
User: ubuntu-devel@lists.ubuntu.com
Usertags: origin-ubuntu jaunty


There is a bug in the Ubuntu bug tracker about xfs's init script being used
in an unsafe fashion.  It seems that OpenSUSE has solved this as well:

"set_up_socket_dir moves /tmp/.font-unix to /tmp/.font-unix.$$.
Unfortunately $$ is predictable and there is no test, that
/tmp/.font-unix.$$ does not already exist. So especially symlink attacks
are possible. The attack is only possible, if /tmp/.font-unix does not
already exist. Then an attacker could create an /tmp/.font-unix file (not
directory) and create some symlinks in the form /tmp/.font-unix.XXXX (where
XXXX are possible PID numbers). The start script than moves /tmp/.font-unix
to an symlinked directory /tmp/.font-unix.XXXX."


[1] https://bugs.launchpad.net/bugs/299560
[2] https://bugzilla.novell.com/show_bug.cgi?id=408006

Kees Cook                                            @debian.org

--- End Message ---
--- Begin Message ---
Source: xfs
Source-Version: 1:1.0.8-2.2+lenny1

We believe that the bug you reported is fixed in the latest version of
xfs, which is due to be installed in the Debian FTP archive:

  to main/x/xfs/xfs_1.0.8-2.2+lenny1.diff.gz
  to main/x/xfs/xfs_1.0.8-2.2+lenny1.dsc
  to main/x/xfs/xfs_1.0.8-2.2+lenny1_i386.deb

A summary of the changes between this version and the previous one is

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 521107@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
Luciano Bello <luciano@debian.org> (supplier of updated xfs package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)

Hash: SHA1

Format: 1.8
Date: Tue, 10 Nov 2009 16:19:20 -0300
Source: xfs
Binary: xfs
Architecture: source i386
Version: 1:1.0.8-2.2+lenny1
Distribution: stable-proposed-updates
Urgency: high
Maintainer: Debian X Strike Force <debian-x@lists.debian.org>
Changed-By: Luciano Bello <luciano@debian.org>
 xfs        - X font server
Closes: 521107
 xfs (1:1.0.8-2.2+lenny1) stable-proposed-updates; urgency=high
   * Unsafe /tmp usage fixed in the init script. Closes: #521107.
 1d0920f9d8bf4644957cc09e912be7c5d4f37a28 1261 xfs_1.0.8-2.2+lenny1.dsc
 5ae2fe90899600f58f8ff01a364d4a52394e2ae5 197220 xfs_1.0.8.orig.tar.gz
 e6002aba90e6a84eb0fcb64db4060b661fd46457 39216 xfs_1.0.8-2.2+lenny1.diff.gz
 8ad90d53fabe9d922f3ac7cf2be7b415cf7557f9 92118 xfs_1.0.8-2.2+lenny1_i386.deb
 a7da0aa8ff3069be38fa131daf6e91a146c8515d10df99d1ffdd5eb6346f9fb2 1261 xfs_1.0.8-2.2+lenny1.dsc
 8722c0226556ec430052e9c2b01083faf3c261e7184d0af57f159c8afa73b375 197220 xfs_1.0.8.orig.tar.gz
 f7a19fed172d6a7db02569e4c35d275a07e23999dbe99a63c95e3666d918ee54 39216 xfs_1.0.8-2.2+lenny1.diff.gz
 f057d83d67eac7188042aad7820926533e223fe90f70f49693ad4973b4a0068b 92118 xfs_1.0.8-2.2+lenny1_i386.deb
 a30847bd9ff08f6b76d175384d43d4cf 1261 x11 optional xfs_1.0.8-2.2+lenny1.dsc
 6c9e85034871db0caa4f47cc7d3cd409 197220 x11 optional xfs_1.0.8.orig.tar.gz
 af7a5e89608219977ec1c97e8f4f771d 39216 x11 optional xfs_1.0.8-2.2+lenny1.diff.gz
 90f55b1fff288db8451fa12563b702a8 92118 x11 optional xfs_1.0.8-2.2+lenny1_i386.deb

Version: GnuPG v1.4.9 (GNU/Linux)


--- End Message ---

Reply to: