Bug 140061
| Summary: | CAN-2004-0975 temporary file vulnerabilities in der_chop script | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 2.1 | Reporter: | Josh Bressers <bressers> |
| Component: | openssl | Assignee: | Tomas Mraz <tmraz> |
| Status: | CLOSED ERRATA | QA Contact: | Brian Brock <bbrock> |
| Severity: | low | Docs Contact: | |
| Priority: | medium | ||
| Version: | 2.1 | CC: | dff, mjc, nalin |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | impact=low,public=20040930,reported=20040910,source=vendorsec | ||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2005-06-01 13:32:43 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
We're quite happy to have these fixed in future updates as required and not to issue a RHSA especially for this issue. Of course, but is it worth to release it in U7 update? I'd rather wait for another problem to appear and then include it. An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHSA-2005-476.html |
On September 10th 2004, Trustix shared some temporary file vulnerabilities with vendor-sec. After some refinement these were made public on Sep30. These are minor issues (impact: LOW) and therefore should be fixed in future updates, but don't deserve their own security advisory. Temporary file vulnerability in der_chop script. Patch attached. However der_chop isn't a useful script and is deprecated. Removing der_chop script is a valid solution to this issue. Proposed patch is attachment 105431 [details].