Paul Szabo reported:
[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=583316#10

a deficiency in the way gv handled temporary file creation, when used for opening Portable Document Format (PDF) files. A local attacker could use this flaw to conduct symlink attacks, potentially leading to denial of service (unauthorized overwrite of file content).

References:
[2] http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=89;filename=004.diff;att=1;bug=583668
[3] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=583668#100

Just for the record from [2]:

<begin quote>
This bug was fixed upstream in 3.6.5.90-1, the first version after lenny. :-(

Attached is a simplified version (without the configure changes as Debian has mkstemp) that should fix this in lenny.

Bernhard R. Link
<end quote>

and from [3]:

<begin quote>
Just for the records: In 3.6.5.90 (upstream) the configure-script was broken. Commit 73bb88a65dc1c6c9dc309b60b5454d9475cfccd9 repaired the defect (and changed other things):

--- a/gv/configure.ac +++ b/gv/configure.ac @@ -92,7 +92,7 @@ AC_CHECK_LIB(Xinerama, main, , , $X_LIBS) opt_mkstemp=false -AC_CHECK_FUNCS([mkstemp],[opt_setenv_code=true],[opt_setenv_code=false]) +AC_CHECK_FUNCS([mkstemp],[opt_mkstemp=true],[opt_mkstemp=false]) AM_CONDITIONAL(HAVE_MKSTEMP, test x$opt_mkstemp = xtrue)

So the bugfix was dysfunctional until configure.ac has been fixed. :-( And even worse: Nobody noticed that for a rather long time.
<end quote>
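Review bot: the not-found branch of AC_CHECK_FUNCS([mkstemp], ...) still only sets opt_mkstemp=false, so a build where the check fails (or where a variable is mistyped again, as in the removed line) drops HAVE_MKSTEMP without any configure output. Suggest adding AC_MSG_WARN or AC_MSG_ERROR in that branch so that a build without the mkstemp path is visible at configure time. It is also worth confirming that opt_setenv_code, which the removed line was overwriting with the mkstemp result, is set by its own check elsewhere in configure.ac.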
Relevant upstream changesets are:
[4] http://git.savannah.gnu.org/cgit/gv.git/commit/?id=a17416c462e5b6c9cc7c98c5ea01f580152f2da9 (for change mentioned in [2])
[5] http://git.savannah.gnu.org/cgit/gv.git/commit/?id=73bb88a65dc1c6c9dc309b60b5454d9475cfccd9 (for change mentioned in [3])

This issue affects the versions of the gv package, as shipped with Fedora releases 11, 12, and 13 (they contain the upstream changeset from [4], but don't contain the upstream changeset from [5], which prevents [4] from functioning properly).

This issue affects the versions of the gv package, as shipped within the EPEL-4 and EPEL-5 repositories (versions here are missing both the [4] and [5] changes).

Please fix.
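An added example, not gv's code and not part of the original report: it shows why the mkstemp path matters for the symlink issue described above, by comparing a predictable-name open with mkstemp inside a private scratch directory. The directory, file names and contents are constructed for the demonstration.

```c
/* Added illustration, not gv source; every name and path is constructed. */
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Size of path in bytes, or -1 if it cannot be stat'ed. */
static long file_size(const char *path) {
    struct stat st;
    return stat(path, &st) == 0 ? (long)st.st_size : -1;
}

/* 1 if mkstemp left the link target intact and the weak open truncated it. */
int symlink_demo(void) {
    char dir[] = "/tmp/gvdemo.XXXXXX";
    char target[64], lnk[64], tmpl[64];
    if (!mkdtemp(dir)) return -1;                       /* private 0700 dir */
    snprintf(target, sizeof target, "%s/important", dir);
    snprintf(lnk, sizeof lnk, "%s/app.tmp", dir);       /* predictable name */
    snprintf(tmpl, sizeof tmpl, "%s/app.XXXXXX", dir);  /* mkstemp template */

    FILE *f = fopen(target, "w");
    if (!f) return -1;
    fputs("keep me\n", f);                              /* 8 bytes */
    fclose(f);
    if (symlink(target, lnk) != 0) return -1;           /* pre-planted link */

    int fd = mkstemp(tmpl);      /* O_CREAT|O_EXCL on a fresh random name */
    if (fd < 0) return -1;
    close(fd);
    long after_safe = file_size(target);

    /* Weak pattern: no O_EXCL, so the symlink is resolved and target truncated. */
    fd = open(lnk, O_WRONLY | O_CREAT | O_TRUNC, 0600);
    if (fd < 0) return -1;
    close(fd);
    long after_weak = file_size(target);

    unlink(tmpl); unlink(lnk); unlink(target); rmdir(dir);
    return after_safe == 8 && after_weak == 0;
}

int main(void) {
    printf("mkstemp kept target, weak open truncated it: %d\n", symlink_demo());
    return 0;
}
```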
gv-3.6.91-1.fc11 has been submitted as an update for Fedora 11. http://admin.fedoraproject.org/updates/gv-3.6.91-1.fc11
gv-3.6.91-1.el5 has been submitted as an update for Fedora EPEL 5. http://admin.fedoraproject.org/updates/gv-3.6.91-1.el5
gv-3.6.91-1.fc13 has been submitted as an update for Fedora 13. http://admin.fedoraproject.org/updates/gv-3.6.91-1.fc13
gv-3.6.91-1.fc12 has been submitted as an update for Fedora 12. http://admin.fedoraproject.org/updates/gv-3.6.91-1.fc12
gv-3.6.91-1.el4 has been submitted as an update for Fedora EPEL 4. http://admin.fedoraproject.org/updates/gv-3.6.91-1.el4
gv-3.7.1-1.el5 has been submitted as an update for Fedora EPEL 5. http://admin.fedoraproject.org/updates/gv-3.7.1-1.el5
gv-3.7.1-1.fc12 has been submitted as an update for Fedora 12. http://admin.fedoraproject.org/updates/gv-3.7.1-1.fc12
gv-3.7.1-1.el4 has been submitted as an update for Fedora EPEL 4. http://admin.fedoraproject.org/updates/gv-3.7.1-1.el4
gv-3.7.1-1.fc13 has been submitted as an update for Fedora 13. http://admin.fedoraproject.org/updates/gv-3.7.1-1.fc13
gv-3.7.1-1.fc12 has been pushed to the Fedora 12 stable repository. If problems still persist, please make note of it in this bug report.
gv-3.7.1-1.fc13 has been pushed to the Fedora 13 stable repository. If problems still persist, please make note of it in this bug report.
gv-3.7.1-1.el5 has been pushed to the Fedora EPEL 5 stable repository. If problems still persist, please make note of it in this bug report.
gv-3.7.1-1.el4 has been pushed to the Fedora EPEL 4 stable repository. If problems still persist, please make note of it in this bug report.