Bug 152703 - utempter symlink vulnerability
Summary: utempter symlink vulnerability
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora Legacy
Classification: Retired
Component: Package request
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Fedora Legacy Bugs
QA Contact:
URL: https://rhn.redhat.com/errata/RHSA-20...
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2004-04-30 18:24 UTC by Barry K. Nathan
Modified: 2014-01-21 22:51 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)

Description David Lawrence 2005-03-30 23:24:34 UTC 
This is described in RHSA-2004-175 (linked from this bug).

It should be trivial to recompile the SRPM for 7.2 through 8.0.



------- Additional Comments From jonny.strom 2004-05-01 06:08:30 ----

An patched utempter relase for Redhat 7.3 based on the Mandrake 10 patch are
avalible at:

http://av8.netikka.fi/~johnny/fedora_legacy/rh73/

http://213.250.83.8/~johnny/fedora_legacy/rh73/utempter-0.5.2-6.7.3.1.legacy.i386.rpm
29bd22a0d7b19484c3b5bdc78cf4874a

http://213.250.83.8/~johnny/fedora_legacy/rh73/utempter-0.5.2-6.7.3.1.legacy.src.rpm
095278d2a9ab63ceabc8383861f14b47

http://213.250.83.8/~johnny/fedora_legacy/rh73/utempter-0.5.2-sec.patch
317cec87045c58529f45d6469fc8c2c5

Please test it.



------- Additional Comments From dwb7.edu 2004-05-04 06:09:59 ----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Installed your binary, yesterday. All seems well.

Just rebuilt your SRPM, today, and it built just fine.

- -DWB

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFAl7+0SY7s7uPf/IURAqNnAKCYYOKMKFaMQv3yftFvIpPtCxkwigCg1uA9
JCqUgEp383NDMoQAXIo2+bo=
=UkOM
-----END PGP SIGNATURE-----



------- Additional Comments From skvidal.edu 2004-05-04 18:51:43 ----

 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
 
md5sum checks out
patch is obvious and simple
it builds happily
 
installs cleanly and runs as expected
PUBLISH
939781d812f3d00ab1762f74cfedb6b9527479bd  utempter-0.5.2-6.7.3.1.legacy.src.rpm
 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
 
iD8DBQFAmHK81Aj3x2mIbMcRAqNaAJ9yZ9SZxIM+TfiES7LiEwfNpTQA8QCgkU2x
cYMK59UoEXLKL3rHIYVvEjw=
=wI8a
-----END PGP SIGNATURE-----




------- Additional Comments From jpdalbec 2004-05-06 10:52:23 ----

The changelog entry doesn't list the correct version.



------- Additional Comments From jonny.strom 2004-05-06 10:55:22 ----

Yes that's right perhaps the correct version can be changed in the changelog
when the test relase is done.



------- Bug moved to this database by dkl 2005-03-30 18:24 -------

This bug previously known as bug 1546 at https://bugzilla.fedora.us/
https://bugzilla.fedora.us/show_bug.cgi?id=1546
Originally filed under the Fedora Legacy product and Package request component.

Unknown priority P2. Setting to default priority "normal".
Unknown platform PC. Setting to default platform "All".
Setting qa contact to the default for this product.
   This bug either had no qa contact or an invalid one.
Note You need to log in before you can comment on or make changes to this bug.