[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[linux-security] mgetty bugs

To: linux-security
Subject: [linux-security] mgetty bugs
From: Martin Siegert <siegert@sfu.ca>
Date: Thu, 3 May 2001 18:21:41 -0700
User-Agent: Mutt/1.2.5i

Topic
=====
insecure tempfile in mgetty

Problem Description
===================
mgetty does not create temporary files in a secure
manner, which could lead to a symlink attack.

Affected Versions
=================
mgetty versions < 1.1.24

Solution
========
Upgrade to versions 1.1.24 or later.

Redhat 6.x
----------
rpm -Fvh mgetty-1.1.25-4.6.i386.rpm \
         mgetty-sendfax-1.1.25-4.6.i386.rpm \
         mgetty-viewfax-1.1.25-4.6.i386.rpm \
         mgetty-voice-1.1.25-4.6.i386.rpm

RedHat 7.x
----------
rpm -Fvh mgetty-1.1.25-5.i386.rpm \
         mgetty-sendfax-1.1.25-5.i386.rpm \
         mgetty-viewfax-1.1.25-5.i386.rpm \
         mgetty-voice-1.1.25-5.i386.rpm

Debian 2.2 (potato)
-------------------
upgrade to mgetty_1.1.21-3potato1_i386.deb,
           mgetty-fax_1.1.21-3potato1_i386.deb,
           mgetty-viewfax_1.1.21-3potato1_i386.deb,
           mgetty-voice_1.1.21-3potato1_i386.deb

Mandrake 7.1
------------
rpm -Fvh mgetty-1.1.24-1.2mdk.i586.rpm \
         mgetty-contrib-1.1.24-1.2mdk.i586.rpm \
         mgetty-sendfax-1.1.24-1.2mdk.i586.rpm \
         mgetty-viewfax-1.1.24-1.2mdk.i586.rpm \
         mgetty-voice-1.1.24-1.2mdk.i586.rpm

Mandrake 7.2
------------
rom -Fvh mgetty-1.1.24-1.1mdk.i586.rpm \
         mgetty-contrib-1.1.24-1.1mdk.i586.rpm \
         mgetty-sendfax-1.1.24-1.1mdk.i586.rpm \
         mgetty-viewfax-1.1.24-1.1mdk.i586.rpm \
         mgetty-voice-1.1.24-1.1mdk.i586.rpm

Prev by Date: [linux-security] new netscape version
Next by Date: [linux-security] samba security holes
Prev by thread: [linux-security] samba security holes
Next by thread: [linux-security] new netscape version
Index(es):
- Date
- Thread