Bug 154051

Summary: CAN-2005-0990 unsecure temp file usage
Product: [Fedora] Fedora Reporter: Josh Bressers <bressers>
Component: sharutilsAssignee: Than Ngo <than>
Status: CLOSED ERRATA QA Contact:
Severity: low Docs Contact:
Priority: medium    
Version: 3CC: marius.andreiana
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard: impact=low,public=20050331,source=cve,reported=20050506
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2005-08-20 07:32:39 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 154991    

Description Josh Bressers 2005-04-06 20:50:37 UTC 
+++ This bug was initially created as a clone of Bug #154049 +++

The way sharutils handles temporary files is insecure (as reported by the Debian
BTS):
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=302412

The Debian bug contains a patch for this issue.
Comment 1 Josh Bressers 2005-04-06 20:51:55 UTC 
This issue also affects FC2
Comment 2 Than Ngo 2005-04-14 11:23:39 UTC 
it's now fixed in sharutils-4.2.1-22.2.FC3 and sharutils-4.2.1-18.2.FC2
Comment 4 Marius Andreiana 2005-08-20 07:32:39 UTC 
FC3 updates are out, FC2 is no longer supported.