Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.
Bug 136302 - CAN-2004-0975 temporary file vulnerabilities in der_chop script
CAN-2004-0975 temporary file vulnerabilities in der_chop script
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: openssl (Show other bugs)
All Linux
medium Severity low
: ---
: ---
Assigned To: Tomas Mraz
Brian Brock
: Security
Depends On:
  Show dependency treegraph
Reported: 2004-10-19 05:46 EDT by Mark J. Cox
Modified: 2007-11-30 17:07 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2005-06-01 09:32:43 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Proposed patch (2.13 KB, patch)
2004-10-19 05:48 EDT, Mark J. Cox
no flags Details | Diff

External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2005:476 normal SHIPPED_LIVE Moderate: openssl security update 2005-06-01 00:00:00 EDT

  None (edit)
Description Mark J. Cox 2004-10-19 05:46:55 EDT
On September 10th 2004, Trustix shared some temporary file
vulnerabilities with vendor-sec.  After some refinement these were
made public on Sep30.  These are minor issues (impact: LOW) and
therefore should be fixed in future updates, but don't deserve their
own security advisory.

Temporary file vulnerability in der_chop script.  Patch attached. 
However der_chop isn't a useful script and is deprecated.  Removing
der_chop script is a valid solution to this issue.

                Affects: RHEL3
                Affects: RHEL2.1
Comment 1 Mark J. Cox 2004-10-19 05:48:51 EDT
Created attachment 105431 [details]
Proposed patch
Comment 2 Mark J. Cox 2004-12-07 05:46:46 EST
Will be RHSA-2004:652
Comment 6 Josh Bressers 2005-06-01 09:32:43 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.


Note You need to log in before you can comment on or make changes to this bug.