Bug 599621 (CVE-2010-2056)
Summary: | CVE-2010-2056 gv: Insecure (predictable) temporary file use | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Jan Lieskovsky <jlieskov> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | low | Docs Contact: | |
Priority: | low | ||
Version: | unspecified | CC: | orion |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=583316#10 | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2010-07-15 16:02:20 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 599165 | ||
Bug Blocks: |
Description
Jan Lieskovsky
2010-06-03 15:57:22 UTC
Relevant upstream changesets are: [4] http://git.savannah.gnu.org/cgit/gv.git/commit/?id=a17416c462e5b6c9cc7c98c5ea01f580152f2da9 (for change mentioned in [2]) [5] http://git.savannah.gnu.org/cgit/gv.git/commit/?id=73bb88a65dc1c6c9dc309b60b5454d9475cfccd9 (for change mentioned in [3]) This issue affects the versions of the gv package, as shipped with Fedora release of 11, 12, and 13 (they contains upstream changeset from [4], but don't contain upstream changeset from [5], which prevents [4] from proper function). This issue affects the versions of the gv package, as shipped within EPEL-4 and EPEL-5 repositories (versions here are missing both [4], [5] changes). Please fix. gv-3.6.91-1.fc11 has been submitted as an update for Fedora 11. http://admin.fedoraproject.org/updates/gv-3.6.91-1.fc11 gv-3.6.91-1.el5 has been submitted as an update for Fedora EPEL 5. http://admin.fedoraproject.org/updates/gv-3.6.91-1.el5 gv-3.6.91-1.fc13 has been submitted as an update for Fedora 13. http://admin.fedoraproject.org/updates/gv-3.6.91-1.fc13 gv-3.6.91-1.fc12 has been submitted as an update for Fedora 12. http://admin.fedoraproject.org/updates/gv-3.6.91-1.fc12 gv-3.6.91-1.el4 has been submitted as an update for Fedora EPEL 4. http://admin.fedoraproject.org/updates/gv-3.6.91-1.el4 gv-3.7.1-1.el5 has been submitted as an update for Fedora EPEL 5. http://admin.fedoraproject.org/updates/gv-3.7.1-1.el5 gv-3.7.1-1.fc12 has been submitted as an update for Fedora 12. http://admin.fedoraproject.org/updates/gv-3.7.1-1.fc12 gv-3.7.1-1.el4 has been submitted as an update for Fedora EPEL 4. http://admin.fedoraproject.org/updates/gv-3.7.1-1.el4 gv-3.7.1-1.fc13 has been submitted as an update for Fedora 13. http://admin.fedoraproject.org/updates/gv-3.7.1-1.fc13 gv-3.7.1-1.fc12 has been pushed to the Fedora 12 stable repository. If problems still persist, please make note of it in this bug report. gv-3.7.1-1.fc13 has been pushed to the Fedora 13 stable repository. If problems still persist, please make note of it in this bug report. gv-3.7.1-1.el5 has been pushed to the Fedora EPEL 5 stable repository. If problems still persist, please make note of it in this bug report. gv-3.7.1-1.el4 has been pushed to the Fedora EPEL 4 stable repository. If problems still persist, please make note of it in this bug report. |