Bug 368611 (CVE-2007-5936)
Summary: | CVE-2007-5936 dviljk uses insecure temporary file | ||||||||
---|---|---|---|---|---|---|---|---|---|
Product: | [Other] Security Response | Reporter: | Red Hat Product Security <security-response-team> | ||||||
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> | ||||||
Status: | CLOSED ERRATA | QA Contact: | |||||||
Severity: | low | Docs Contact: | |||||||
Priority: | low | ||||||||
Version: | unspecified | CC: | jlieskov, mjc | ||||||
Target Milestone: | --- | Keywords: | Reopened, Security | ||||||
Target Release: | --- | ||||||||
Hardware: | All | ||||||||
OS: | Linux | ||||||||
URL: | http://bugs.gentoo.org/show_bug.cgi?id=198238 | ||||||||
Whiteboard: | |||||||||
Fixed In Version: | 3.0-40.3.fc7 | Doc Type: | Bug Fix | ||||||
Doc Text: | Story Points: | --- | |||||||
Clone Of: | Environment: | ||||||||
Last Closed: | 2010-05-07 08:22:38 UTC | Type: | --- | ||||||
Regression: | --- | Mount Type: | --- | ||||||
Documentation: | --- | CRM: | |||||||
Verified Versions: | Category: | --- | |||||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||
Cloudforms Team: | --- | Target Upstream Version: | |||||||
Embargoed: | |||||||||
Bug Depends On: | 379831, 379841, 379851, 379861, 577309, 577322, 577323, 577328, 577329 | ||||||||
Bug Blocks: | |||||||||
Attachments: |
|
Description
Lubomir Kundrak
2007-11-06 17:54:41 UTC
Created attachment 249481 [details]
Fix for dviljk buffer overflows and /tmp race
The CVE identifier for this issue was requested. Created attachment 250261 [details]
A patch without the whitespace-wipe hunks, from Gentoo
Pinged Mitre about the need for CVE. Fixed in rawhide. F8, F7, FC-6 pending. tetex-3.0-44.2.fc8 has been pushed to the Fedora 8 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update tetex' tetex-3.0-40.3.fc7 has been pushed to the Fedora 7 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update tetex' tetex-3.0-40.3.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report. tetex-3.0-44.3.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report. The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. Reporter changed to security-response-team by request of Jay Turner. Statement: Not vulnerable. This issue did not affect the versions of tetex packages as shipped with Red Hat Enterprise Linux 3, 4, or 5, as they do not provide the dviljk binary. |