
Bug#521107: marked as done (unsafe /tmp usage)



Your message dated Sat, 05 Dec 2009 21:54:52 +0000
with message-id <E1NH2aa-0006rr-ED@ries.debian.org>
and subject line Bug#521107: fixed in xfs 1:1.0.8-2.2+lenny1
has caused the Debian Bug report #521107,
regarding unsafe /tmp usage
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
521107: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=521107
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: xfs
Version: 1:1.0.8-2.1
Severity: normal
Tags: security
User: ubuntu-devel@lists.ubuntu.com
Usertags: origin-ubuntu jaunty

Hello,

There is a bug in the Ubuntu bug tracker about xfs's init script being used
in an unsafe fashion.  It seems that OpenSUSE has solved this as well:

"set_up_socket_dir moves /tmp/.font-unix to /tmp/.font-unix.$$.
Unfortunately $$ is predictable and there is no test that
/tmp/.font-unix.$$ does not already exist. So especially symlink attacks
are possible. The attack is only possible if /tmp/.font-unix does not
already exist. Then an attacker could create an /tmp/.font-unix file (not
directory) and create some symlinks in the form /tmp/.font-unix.XXXX (where
XXXX are possible PID numbers). The start script then moves /tmp/.font-unix
to a symlinked directory /tmp/.font-unix.XXXX."

-Kees

[1] https://bugs.launchpad.net/bugs/299560
[2] https://bugzilla.novell.com/show_bug.cgi?id=408006

-- 
Kees Cook                                            @debian.org



--- End Message ---
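
The pattern the report above describes, beside one way to close the race. This is an added example, not the xfs init script and not the Debian patch: only the function name `set_up_socket_dir` and the /tmp/.font-unix path come from the report, while the `SOCKET_DIR` variable, the 1777 mode, the ownership check and the use of `mktemp -d` are assumptions.

```shell
#!/bin/sh
# Added example (assumed layout, not the packaged init script).
# SOCKET_DIR is overridable so the function can be exercised outside /tmp.
SOCKET_DIR=${SOCKET_DIR:-/tmp/.font-unix}

# Pattern from the report, shown for comparison only and never executed:
#   mv "$SOCKET_DIR" "$SOCKET_DIR.$$"
# $$ is guessable and nothing checks whether the target name already exists,
# so a pre-planted symlink to a directory at that name receives the moved entry.

set_up_socket_dir() {
    dir=$1

    # Reuse the path only if it is a real directory (not a symlink) that
    # the caller owns; at boot the caller is root.
    if [ -d "$dir" ] && [ ! -L "$dir" ] && [ -O "$dir" ]; then
        chmod 1777 "$dir"
        return
    fi

    # Anything else found there (file, symlink, foreign directory) is moved
    # aside. mktemp -d picks a random name and creates the directory
    # atomically with mode 0700, failing rather than reusing an existing
    # entry, so the destination cannot be prepared in advance.
    if [ -e "$dir" ] || [ -L "$dir" ]; then
        aside=$(mktemp -d "$dir.XXXXXX") || return 1
        mv -- "$dir" "$aside/" || return 1
    fi

    # mkdir refuses to follow or reuse an existing entry, so a path that
    # reappears between the mv and this call makes the function fail closed.
    mkdir -m 1777 -- "$dir"
}

# Init-script style entry point: act only when invoked with "start".
case "${1:-}" in
    start) set_up_socket_dir "$SOCKET_DIR" ;;
esac
```
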
--- Begin Message ---
Source: xfs
Source-Version: 1:1.0.8-2.2+lenny1

We believe that the bug you reported is fixed in the latest version of
xfs, which is due to be installed in the Debian FTP archive:

xfs_1.0.8-2.2+lenny1.diff.gz
  to main/x/xfs/xfs_1.0.8-2.2+lenny1.diff.gz
xfs_1.0.8-2.2+lenny1.dsc
  to main/x/xfs/xfs_1.0.8-2.2+lenny1.dsc
xfs_1.0.8-2.2+lenny1_i386.deb
  to main/x/xfs/xfs_1.0.8-2.2+lenny1_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 521107@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Luciano Bello <luciano@debian.org> (supplier of updated xfs package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Tue, 10 Nov 2009 16:19:20 -0300
Source: xfs
Binary: xfs
Architecture: source i386
Version: 1:1.0.8-2.2+lenny1
Distribution: stable-proposed-updates
Urgency: high
Maintainer: Debian X Strike Force <debian-x@lists.debian.org>
Changed-By: Luciano Bello <luciano@debian.org>
Description: 
 xfs        - X font server
Closes: 521107
Changes: 
 xfs (1:1.0.8-2.2+lenny1) stable-proposed-updates; urgency=high
 .
   * Unsafe /tmp usage fixed in the init script. Closes: #521107.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAksVXA4ACgkQQWTRs4lLtHmT4QCePQHOY1MHOK5TvaGCKenknuj+
u/4An1sHOXSBSObVJ/BlpgaLOkwY/GW6
=DZrF
-----END PGP SIGNATURE-----



--- End Message ---
