
Bug#521107: marked as done (unsafe /tmp usage)

Your message dated Wed, 18 Nov 2009 05:08:46 +0000
with message-id <E1NAcmc-0006KW-67@ries.debian.org>
and subject line Bug#521107: fixed in xfs 1:1.0.8-6
has caused the Debian Bug report #521107,
regarding unsafe /tmp usage
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org

521107: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=521107
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: xfs
Version: 1:1.0.8-2.1
Severity: normal
Tags: security
User: ubuntu-devel@lists.ubuntu.com
Usertags: origin-ubuntu jaunty


There is a bug in the Ubuntu bug tracker about xfs's init script being used
in an unsafe fashion.  It seems that OpenSUSE has solved this as well:

"set_up_socket_dir moves /tmp/.font-unix to /tmp/.font-unix.$$.
Unfortunately $$ is predictable and there is no test, that
/tmp/.font-unix.$$ does not already exist. So especially symlink attacks
are possible. The attack is only possible, if /tmp/.font-unix does not
already exist. Then an attacker could create an /tmp/.font-unix file (not
directory) and create some symlinks in the form /tmp/.font-unix.XXXX (where
XXXX are possible PID numbers). The start script then moves /tmp/.font-unix
to a symlinked directory /tmp/.font-unix.XXXX."


[1] https://bugs.launchpad.net/bugs/299560
[2] https://bugzilla.novell.com/show_bug.cgi?id=408006

Kees Cook                                            @debian.org

--- End Message ---
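Added example, not code from the bug report, the xfs package or the Debian fix (the actual patch is not reproduced on this page): a shell reconstruction of the "move aside to NAME.$$" pattern the quoted report describes, next to a hardened variant. The function names, the scratch directory passed in as a stand-in for /tmp, the attacker set-up in demo_attack, and the choice of mktemp -d for the move-aside target are assumptions of this example.

```shell
#!/bin/sh
# Added example, not the xfs init script or the Debian fix: the predictable
# "move aside to NAME.$$" pattern described in the report, beside a hardened
# variant.  Both functions take the directory standing in for /tmp as $1, so
# the demonstration runs inside a scratch directory and never touches /tmp.

# Assumed reconstruction of the weak pattern: anything at $base/.font-unix
# that is not a directory is moved to $base/.font-unix.$$ and the socket
# directory is created.  $$ is guessable and the destination is never
# checked, so an attacker who pre-creates $base/.font-unix.<pid> as a
# symlink to a directory they control decides where the object lands
# (mv follows a symlink to a directory and moves the source into it).
unsafe_set_up_socket_dir() {
    base=$1
    if [ -e "$base/.font-unix" ] && [ ! -d "$base/.font-unix" ]; then
        mv "$base/.font-unix" "$base/.font-unix.$$"
    fi
    mkdir -p "$base/.font-unix"
    chmod 1777 "$base/.font-unix"
}

# Hardened variant.  mktemp -d creates a fresh mode-0700 directory under an
# unpredictable name and moves on to another name if anything (a planted
# symlink included) already exists there, so the moved object can only land
# in a directory this script just created.  mkdir -p succeeds silently on an
# existing symlink to a directory, so the result is re-checked to be a real
# directory owned by us before it is made world-writable.
# Prints the quarantine directory (empty if nothing was moved); returns 1
# on any failure.
safe_set_up_socket_dir() {
    base=$1
    quarantine=""
    # -L catches a dangling or attacker-planted symlink that -e would miss.
    if [ -L "$base/.font-unix" ] || { [ -e "$base/.font-unix" ] && [ ! -d "$base/.font-unix" ]; }; then
        quarantine=$(mktemp -d "$base/.font-unix.XXXXXX") || return 1
        mv "$base/.font-unix" "$quarantine/" || return 1
    fi
    mkdir -p "$base/.font-unix" || return 1
    if [ -L "$base/.font-unix" ] || [ ! -d "$base/.font-unix" ]; then
        return 1
    fi
    # Portable owner check: find prints the path only if our uid owns it.
    if [ -z "$(find "$base/.font-unix" -prune -user "$(id -u)" -print)" ]; then
        return 1
    fi
    chmod 1777 "$base/.font-unix" || return 1
    printf '%s\n' "$quarantine"
}

# Plays out the report's scenario in a scratch directory: a plain file at the
# socket-dir path plus a symlink at the name the weak script will use.
# Constructed attacker set-up; the "guess" is exact here because demo and
# script share one shell, whereas a real attacker would plant links for
# several candidate PIDs.  Returns 0 when the weak variant follows the
# symlink and the hardened one does not.
demo_attack() {
    sandbox=$(mktemp -d) || return 1
    attacker=$sandbox/attacker_dir
    mkdir "$attacker" || return 1
    : > "$sandbox/.font-unix"
    ln -s "$attacker" "$sandbox/.font-unix.$$"

    unsafe_set_up_socket_dir "$sandbox"
    if [ -f "$attacker/.font-unix" ]; then
        echo "unsafe: file followed the planted symlink into $attacker"
    else
        echo "unsafe: file did not land in $attacker (unexpected)"
        rm -rf "$sandbox"; return 1
    fi

    rm -rf "$sandbox/.font-unix"
    : > "$sandbox/.font-unix"
    q=$(safe_set_up_socket_dir "$sandbox") || { rm -rf "$sandbox"; return 1; }
    if [ -n "$q" ] && [ ! -L "$q" ] && [ -f "$q/.font-unix" ] \
        && [ -d "$sandbox/.font-unix" ] && [ ! -L "$sandbox/.font-unix" ]; then
        echo "safe:   file quarantined in $q, socket dir is a real directory"
        rm -rf "$sandbox"
        return 0
    fi
    echo "safe:   unexpected result"
    rm -rf "$sandbox"
    return 1
}

demo_attack
```

Run it as `sh example.sh`; it prints one line per variant. The post-mkdir re-check matters because a world-writable parent leaves a window between the move and the mkdir in which a symlink can still be planted at the socket-dir path, and `mkdir -p` would not complain about it.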
--- Begin Message ---
Source: xfs
Source-Version: 1:1.0.8-6

We believe that the bug you reported is fixed in the latest version of
xfs, which is due to be installed in the Debian FTP archive:

  to main/x/xfs/xfs_1.0.8-6.diff.gz
  to main/x/xfs/xfs_1.0.8-6.dsc
  to main/x/xfs/xfs_1.0.8-6_i386.deb

A summary of the changes between this version and the previous one is

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 521107@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
Luciano Bello <luciano@debian.org> (supplier of updated xfs package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)

Format: 1.8
Date: Wed, 18 Nov 2009 03:08:34 -0300
Source: xfs
Binary: xfs
Architecture: source i386
Version: 1:1.0.8-6
Distribution: unstable
Urgency: low
Maintainer: Debian QA Group <packages@qa.debian.org>
Changed-By: Luciano Bello <luciano@debian.org>
Description:
 xfs        - X font server
Closes: 521107
Changes:
 xfs (1:1.0.8-6) unstable; urgency=low
   * QA upload.
   * Unsafe /tmp usage fixed in the init script. (Closes: #521107)
Checksums-Sha1:
 81ef70e3fb82ce242f03ce2f55594c1bcb792712 1146 xfs_1.0.8-6.dsc
 f725af155fabe26ffd392ca5909e896f116be355 26679 xfs_1.0.8-6.diff.gz
 90746e84803621908afb40640653bba3858a01cd 83938 xfs_1.0.8-6_i386.deb
Checksums-Sha256:
 f128934c6096fe8f466a8bcde19cd5d20a541f0f5d814c6a5fdc0aab524e8fe8 1146 xfs_1.0.8-6.dsc
 560a477f0e656b8457e2e75986d7eaa02345c99c48bea4df11b1ed89ead115a5 26679 xfs_1.0.8-6.diff.gz
 e6575137c80e8e1edc72bc2f02bfc20d5f67347385b96b60b4ad8e33f85090ae 83938 xfs_1.0.8-6_i386.deb
Files:
 925c85b4d6f04ca856cb2d80f40b76f1 1146 x11 optional xfs_1.0.8-6.dsc
 c1689b9eac7ff2d647add06cd1920840 26679 x11 optional xfs_1.0.8-6.diff.gz
 51f249ccaf05f7f700513b1974926fa6 83938 x11 optional xfs_1.0.8-6_i386.deb

--- End Message ---
