Bug 582781

Summary: gource: predictable temporary filename
Product: [Other] Security Response Reporter: Vincent Danen <vdanen>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED CURRENTRELEASE QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: spoyarek
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2010-05-10 10:56:51 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 582782    
Bug Blocks:    

Description Vincent Danen 2010-04-15 19:09:18 UTC 
A Debian bug report [1] notes that Gource creates its log file with a predictable name (/tmp/gource-$(UID).tmp), which a malicious user could use to overwrite arbitrary files via a symlink attack, with the privileges of the user running Gource.

Fedora 12 and higher contain Gource and are affected by this issue.

[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=577958
Comment 1 Vincent Danen 2010-04-15 19:11:23 UTC 
Created gource tracking bugs for this issue

Affects: fedora-12 [bug 582782]
Comment 2 Siddhesh Poyarekar 2010-04-16 05:32:38 UTC 
Reported upstream as issue #65:

http://code.google.com/p/gource/issues/detail?id=65
Comment 3 Siddhesh Poyarekar 2010-04-16 07:58:29 UTC 
Fix that went upstream:

http://git.debian.org/?p=collab-maint/gource.git;a=patch;h=5aa2c8adfbe0ec3e5d802bfae8e5572562d911c7

This is also included in gource-0.26b. I'll rebase to it for rawhide and possibly F-13 and backport the patch for F-12.
Comment 4 Siddhesh Poyarekar 2010-04-16 08:33:00 UTC 
Built backport for rawhide:

http://koji.fedoraproject.org/koji/buildinfo?buildID=167217

Now we push.
Comment 5 Fedora Update System 2010-04-16 08:51:31 UTC 
gource-0.24-3.fc12 has been submitted as an update for Fedora 12.
http://admin.fedoraproject.org/updates/gource-0.24-3.fc12
Comment 6 Fedora Update System 2010-04-16 08:51:40 UTC 
gource-0.24-3.fc13 has been submitted as an update for Fedora 13.
http://admin.fedoraproject.org/updates/gource-0.24-3.fc13
Comment 7 Fedora Update System 2010-04-20 13:17:50 UTC 
gource-0.24-3.fc12 has been pushed to the Fedora 12 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 8 Fedora Update System 2010-04-20 13:29:04 UTC 
gource-0.24-3.fc13 has been pushed to the Fedora 13 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 9 Siddhesh Poyarekar 2010-05-10 10:56:51 UTC 
Closing. This is already in stable

-- 
Fedora Bugzappers volunteer triage team
https://fedoraproject.org/wiki/BugZappers