Re: Apt-get only security patches

To: debian-security@lists.debian.org
Subject: Re: Apt-get only security patches
From: Nick Boyce <nick@glimmer.demon.co.uk>
Date: Thu, 08 May 2003 01:19:51 +0100
Message-id: <g68jbvcfkkmfgl0g1su3n2sk8imhdafokh@4ax.com>
In-reply-to: <630C1976EE416B44A0F38020D67F578816A3EF@galileo.ifoni.com>
References: <630C1976EE416B44A0F38020D67F578816A3EF@galileo.ifoni.com>

On Wed, 7 May 2003 10:35:45 +0200, Rudolph van Graan wrote:

>... For example on one of my "stable" machines,
>the following happens when I do apt-get upgrade -u:
>
>The following packages will be upgraded
>  kdewallpapers mime-support
>2 packages upgraded, 0 newly installed, 0 to remove and 0  not upgraded.
>Need to get 0B/1030kB of archives. After unpacking 105kB will be freed.
>Do you want to continue? [Y/n]
>
>Obviously neither is of real security importance

The mime-support update *is* a security update !

See http://www.debian.org/security/2003/dsa-292

"When a temporary file is to be used it is created insecurely"

"allows local users to overwrite arbitrary files via a symlink attack
on temporary files"

So if you're the only user on the machine then I suppose you needn't
worry.

Cheers

Nick Boyce
Bristol, UK
--
There is no spoon.

Reply to:

References:
- Apt-get only security patches
  - From: "Rudolph van Graan" <rvg@ifoni.com>

Prev by Date: Re: Apt-get only security patches
Next by Date: Re: Please clarifiy: kernel-sources / ptracebug / debian security announcenments
Previous by thread: Re: Apt-get only security patches
Next by thread: RE: Apt-get only security patches
Index(es):
- Date
- Thread