Bug 182286
| Summary: | CVE-2003-1294 xscreensaver temporary file flaws | ||||||
|---|---|---|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux 3 | Reporter: | Mark J. Cox <mjc> | ||||
| Component: | xscreensaver | Assignee: | Ray Strode [halfline] <rstrode> | ||||
| Status: | CLOSED WONTFIX | QA Contact: | |||||
| Severity: | low | Docs Contact: | |||||
| Priority: | medium | ||||||
| Version: | 3.0 | Keywords: | Security | ||||
| Target Milestone: | --- | ||||||
| Target Release: | --- | ||||||
| Hardware: | All | ||||||
| OS: | Linux | ||||||
| Whiteboard: | reported=20031103,impact=low,public=20031128,source=vendorsec | ||||||
| Fixed In Version: | Doc Type: | Bug Fix | |||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2012-06-20 13:24:42 UTC | Type: | --- | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Attachments: |
|
||||||
Created attachment 124968 [details]
Proposed patch as used by SUSE
Thank you for submitting this issue for consideration in Red Hat Enterprise Linux. The release for which you requested us to review is now End of Life. Please See https://access.redhat.com/support/policy/updates/errata/ If you would like Red Hat to re-consider your feature request for an active release, please re-open the request via appropriate support channels and provide additional supporting details about the importance of this issue. |
Stan Bubrouski contacted jwz the maintainer of xscreensaver and cc'd Red Hat security folks on 20031031 to report an insecure temporary file flaw introduced in xscreensaver version 4.14. This was due to a bit of debugging code that got left in by mistake, it was removed in 4.15, and therefore didn't affect any RHEL releases. This was CVE-2003-0885. However SUSE then found some other suspect temporary file issues which also got silently fixed in 4.15 release. I've applied for a CVE name for these.