Common Vulnerabilities and Exposures assigned an identifier CVE-2010-0118 to the following vulnerability: Name: CVE-2010-0118 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0118 Assigned: 20100104 Reference: BUGTRAQ:20100222 Secunia Research: Bournal Insecure Temporary Files Security Issue Reference: URL: http://www.securityfocus.com/archive/1/archive/1/509685/100/0/threaded Reference: MISC: http://secunia.com/secunia_research/2010-6/ Reference: BID:38353 Reference: URL: http://www.securityfocus.com/bid/38353 Reference: SECUNIA:38554 Reference: URL: http://secunia.com/advisories/38554 Bournal before 1.4.1 allows local users to overwrite arbitrary files via a symlink attack on unspecified temporary files associated with a --hack_the_gibson update check. Common Vulnerabilities and Exposures assigned an identifier CVE-2010-0119 to the following vulnerability: Name: CVE-2010-0119 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0119 Assigned: 20100104 Reference: BUGTRAQ:20100222 Secunia Research: Bournal ccrypt Information Disclosure Security Issue Reference: URL: http://www.securityfocus.com/archive/1/archive/1/509688/100/0/threaded Reference: MISC: http://secunia.com/secunia_research/2010-7/ Reference: BID:38352 Reference: URL: http://www.securityfocus.com/bid/38352 Reference: SECUNIA:38723 Reference: URL: http://secunia.com/advisories/38723 Bournal before 1.4.1 on FreeBSD 8.0, when the -K option is used, places a ccrypt key on the command line, which allows local users to obtain sensitive information by listing the process and its arguments, related to "echoing." Current Fedora version is 1.3 and is vulnerable. Please update to the latest 1.4.1 release to correct the above two vulnerabilities (CVE-2010-0119 indicates it is present due to a buggy ccrypt implementation on FreeBSD, so likely does not affect us at all, but noted for completeness).
bournal-1.4.1-1.fc12 has been submitted as an update for Fedora 12. http://admin.fedoraproject.org/updates/bournal-1.4.1-1.fc12
bournal-1.4.1-1.fc13 has been submitted as an update for Fedora 13. http://admin.fedoraproject.org/updates/bournal-1.4.1-1.fc13
bournal-1.4.1-1.fc11 has been submitted as an update for Fedora 11. http://admin.fedoraproject.org/updates/bournal-1.4.1-1.fc11
bournal-1.4.1-1.fc11 has been pushed to the Fedora 11 stable repository. If problems still persist, please make note of it in this bug report.
bournal-1.4.1-1.fc12 has been pushed to the Fedora 12 stable repository. If problems still persist, please make note of it in this bug report.
bournal-1.4.1-1.fc13 has been pushed to the Fedora 13 stable repository. If problems still persist, please make note of it in this bug report.