Bug 154049

Summary: CAN-2005-0990 insecure temp file usage
Product: Red Hat Enterprise Linux 4 Reporter: Josh Bressers <bressers>
Component: sharutilsAssignee: Than Ngo <than>
Status: CLOSED ERRATA QA Contact: Jay Turner <jturner>
Severity: low Docs Contact:
Priority: medium    
Version: 4.0CC: srevivo
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard: impact=low,public=20050331,source=cve,reported=20050506
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2005-04-26 16:31:29 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Josh Bressers 2005-04-06 20:45:38 UTC 
The way sharutils handles temporary files is insecure (as reported by the Debian
BTS):
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=302412

The Debian bug contains a patch for this issue.
Comment 1 Josh Bressers 2005-04-06 20:46:54 UTC 
This issue should also affect RHEL2.1 and RHEL3
Comment 2 Than Ngo 2005-04-14 11:15:32 UTC 
it's fixed in sharutils-4.2.1-8.9.x (RHEL2.1) and sharutils-4.2.1-16.2 (RHEL3)
Comment 3 Josh Bressers 2005-04-26 16:31:29 UTC 
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2005-377.html