Description of problem: Dvips uses insecure tmpnam() function to create files for temporary data while converting a DVI file to laser jet printer format. A local attacker could conduct a time-dependent attack by creating the files before dviljk uses them which could possibly lead into information leak and would permit the attacker to modify the processed data. Additional info: See URL filed for Gentoo report. The attached file fixes this problem by using a secure temporary directory together with other issues.
Created attachment 249481 [details] Fix for dviljk buffer overflows and /tmp race
The CVE identifier for this issue was requested.
Created attachment 250261 [details] A patch without the whitespace-wipe hunks, from Gentoo
Pinged Mitre about the need for CVE.
Fixed in rawhide. F8, F7, FC-6 pending.
tetex-3.0-44.2.fc8 has been pushed to the Fedora 8 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update tetex'
tetex-3.0-40.3.fc7 has been pushed to the Fedora 7 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update tetex'
tetex-3.0-40.3.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.
tetex-3.0-44.3.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw.
Reporter changed to security-response-team by request of Jay Turner.
Statement: Not vulnerable. This issue did not affect the versions of tetex packages as shipped with Red Hat Enterprise Linux 3, 4, or 5, as they do not provide the dviljk binary.