Red Hat Bugzilla – Bug 136318
CAN-2004-0968 temporary file vulnerabilities in catchsegv script
Last modified: 2007-11-30 17:07:04 EST
On September 10th 2004, Trustix shared some temporary file
vulnerabilities with vendor-sec. After some refinement these were
made public on Sep30. These are minor issues (impact: LOW) and
therefore should be fixed in future updates, but don't deserve their
own security advisory.
Temporary file vulnerability in catchsegv. Patch attached.
Probably Affects: RHEL3
Created attachment 105440 [details]
glibcbug script is gone from CVS glibc (for 9 months already),
I'll make sure it disappears from RHEL2.1 and RHEL3 too.
For catchsegv a different patch has been committed upstream,
the remaining changes are incorrect.
glibcbug removed and catchsegv fixed in glibc-2.3.2-95.30.
This issue is going to be RHSA-2004:586
An errata has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.