Bug 152703 - utempter symlink vulnerability
utempter symlink vulnerability
Status: CLOSED CURRENTRELEASE
Product: Fedora Legacy
Classification: Retired
Component: Package request (Show other bugs)
unspecified
All Linux
medium Severity medium
: ---
: ---
Assigned To: Fedora Legacy Bugs
https://rhn.redhat.com/errata/RHSA-20...
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2004-04-30 14:24 EDT by Barry K. Nathan
Modified: 2014-01-21 17:51 EST (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description David Lawrence 2005-03-30 18:24:34 EST
This is described in RHSA-2004-175 (linked from this bug).

It should be trivial to recompile the SRPM for 7.2 through 8.0.



------- Additional Comments From jonny.strom@netikka.fi 2004-05-01 06:08:30 ----

An patched utempter relase for Redhat 7.3 based on the Mandrake 10 patch are
avalible at:

http://av8.netikka.fi/~johnny/fedora_legacy/rh73/

http://213.250.83.8/~johnny/fedora_legacy/rh73/utempter-0.5.2-6.7.3.1.legacy.i386.rpm
29bd22a0d7b19484c3b5bdc78cf4874a

http://213.250.83.8/~johnny/fedora_legacy/rh73/utempter-0.5.2-6.7.3.1.legacy.src.rpm
095278d2a9ab63ceabc8383861f14b47

http://213.250.83.8/~johnny/fedora_legacy/rh73/utempter-0.5.2-sec.patch
317cec87045c58529f45d6469fc8c2c5

Please test it.



------- Additional Comments From dwb7@ccmr.cornell.edu 2004-05-04 06:09:59 ----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Installed your binary, yesterday. All seems well.

Just rebuilt your SRPM, today, and it built just fine.

- -DWB

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFAl7+0SY7s7uPf/IURAqNnAKCYYOKMKFaMQv3yftFvIpPtCxkwigCg1uA9
JCqUgEp383NDMoQAXIo2+bo=
=UkOM
-----END PGP SIGNATURE-----



------- Additional Comments From skvidal@phy.duke.edu 2004-05-04 18:51:43 ----

 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
 
md5sum checks out
patch is obvious and simple
it builds happily
 
installs cleanly and runs as expected
PUBLISH
939781d812f3d00ab1762f74cfedb6b9527479bd  utempter-0.5.2-6.7.3.1.legacy.src.rpm
 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
 
iD8DBQFAmHK81Aj3x2mIbMcRAqNaAJ9yZ9SZxIM+TfiES7LiEwfNpTQA8QCgkU2x
cYMK59UoEXLKL3rHIYVvEjw=
=wI8a
-----END PGP SIGNATURE-----




------- Additional Comments From jpdalbec@ysu.edu 2004-05-06 10:52:23 ----

The changelog entry doesn't list the correct version.



------- Additional Comments From jonny.strom@netikka.fi 2004-05-06 10:55:22 ----

Yes that's right perhaps the correct version can be changed in the changelog
when the test relase is done.



------- Bug moved to this database by dkl@redhat.com 2005-03-30 18:24 -------

This bug previously known as bug 1546 at https://bugzilla.fedora.us/
https://bugzilla.fedora.us/show_bug.cgi?id=1546
Originally filed under the Fedora Legacy product and Package request component.

Unknown priority P2. Setting to default priority "normal".
Unknown platform PC. Setting to default platform "All".
Setting qa contact to the default for this product.
   This bug either had no qa contact or an invalid one.


Note You need to log in before you can comment on or make changes to this bug.