I have seen the following on the Shorewall Mailing list: ------- Javier Fernández-Sanguino Peña has discovered an exploitable vulnerability in the way that Shorewall handles temporary files and directories. The vulnerability can allow a non-root user to cause arbitrary files on the system to be overwritten. LEAF Bering and Bering uClibc users are generally not at risk due to the fact that LEAF boxes do not typically allow logins by non-root users. For 2.0 users, the problem is corrected in version 2.0.3a: http://shorewall.net/pub/shorewall/shorewall-2.0.3a ftp://shorewall.net/pub/shorewall/shorewall-2.0.3a For 1.4 users, the correct version is: http://shorewall.net/pub/shorewall/shorewall-1.4.10f ftp://shorewall.net/pub/shorewall/shorewall-1.4.10f ------------ Does anyone know whether there are woody packages for these corrected versions? Regards Johann -- Johann Spies Telefoon: 021-808 4036 Informasietegnologie, Universiteit van Stellenbosch "One thing have I desired of the LORD, that will I seek after; that I may dwell in the house of the LORD all the days of my life, to behold the beauty of the LORD, and to inquire in his temple." Psalms 27:4
Attachment:
signature.asc
Description: Digital signature