I have seen the following on the Shorewall Mailing list:
-------
Javier Fernández-Sanguino Peña has discovered an exploitable
vulnerability in the way that Shorewall handles temporary files and
directories. The vulnerability can allow a non-root user to cause
arbitrary files on the system to be overwritten. LEAF Bering and
Bering
uClibc users are generally not at risk due to the fact that LEAF boxes
do not typically allow logins by non-root users.
For 2.0 users, the problem is corrected in version 2.0.3a:
http://shorewall.net/pub/shorewall/shorewall-2.0.3a
ftp://shorewall.net/pub/shorewall/shorewall-2.0.3a
For 1.4 users, the correct version is:
http://shorewall.net/pub/shorewall/shorewall-1.4.10f
ftp://shorewall.net/pub/shorewall/shorewall-1.4.10f
------------
Does anyone know whether there are woody packages for these corrected
versions?
Regards
Johann
--
Johann Spies Telefoon: 021-808 4036
Informasietegnologie, Universiteit van Stellenbosch
"One thing have I desired of the LORD, that will I seek
after; that I may dwell in the house of the LORD all
the days of my life, to behold the beauty of the LORD,
and to inquire in his temple."
Psalms 27:4
Attachment:
signature.asc
Description: Digital signature