An insecure temporary file use flaw was found in the way the LaTeX module of Gajim, a PyGTK based Jabber client, performed (La)TeX source code to PNG image file conversion. A local attacker could use this flaw to conduct symbolic link attacks (overwrite or remove files belonging to the user account the gajim executable was run in the context of).

CVE Request:
[1] http://www.openwall.com/lists/oss-security/2012/04/10/6

CVE Assignment:
[2] http://www.openwall.com/lists/oss-security/2012/04/10/15

This issue affects the versions of the gajim package as shipped with Fedora EPEL 5, Fedora EPEL 6, and Fedora releases 15 and 16. Please schedule an update (once a final upstream patch is known).

Created gajim tracking bugs for this issue
Affects: fedora-all [bug 811654]
Affects: epel-all [bug 811655]

Upstream patch proposal (though I am not sure this would completely prevent the issue => needs devel review and confirmation):
[3] http://hg.gajim.org/gajim/rev/bac8e353d25c

(In reply to comment #3)
> Upstream patch proposal (though I am not sure this would completely prevent the
> issue => needs devel review and confirmation):
>
> [3] http://hg.gajim.org/gajim/rev/bac8e353d25c

It makes an attack harder, but is still not fully safe.

(In reply to comment #4)
> (In reply to comment #3)
> > Upstream patch proposal (though I am not sure this would completely prevent the
> > issue => needs devel review and confirmation):
> >
> > [3] http://hg.gajim.org/gajim/rev/bac8e353d25c
>
> It makes an attack harder, but is still not fully safe.

Thanks, Michal. Would it then be possible to completely get rid of the 'gajimtex_' string when trying to create the temporary file location, and make it fully random? (to prevent this)

Thanks, Jan.

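
Added example, not Gajim's code and not the upstream patch: one way to give a TeX-to-PNG conversion step a temporary location in which a local user cannot pre-plant a symlink, using an unpredictable mode-0700 directory from `tempfile.mkdtemp` plus exclusive file creation. The function names, the `tex2png_` prefix and the `gajimtex_fixed_name.tex` sample path are assumptions made for illustration.

```python
import os
import shutil
import tempfile


def open_exclusive(path):
    """Create path only if nothing, not even a dangling symlink, is already there."""
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    return os.open(path, flags, 0o600)


def render_workspace():
    """Private directory: mkdtemp picks a random name and creates it mode 0700."""
    return tempfile.mkdtemp(prefix="tex2png_")  # prefix is a hypothetical choice


def write_tex_source(workdir, tex_source):
    """Write the TeX input inside the private directory; returns the file path."""
    path = os.path.join(workdir, "formula.tex")
    with os.fdopen(open_exclusive(path), "w") as handle:
        handle.write(tex_source)
    return path


def preplanted_symlink_is_refused():
    """Constructed scenario: a symlink already sits at a predictable temp path."""
    shared = tempfile.mkdtemp()  # stands in for a shared, world-writable /tmp
    try:
        target = os.path.join(shared, "user_file.txt")
        with open(target, "w") as handle:
            handle.write("important")
        predictable = os.path.join(shared, "gajimtex_fixed_name.tex")  # constructed
        os.symlink(target, predictable)
        try:
            os.close(open_exclusive(predictable))
            refused = False
        except OSError:  # EEXIST: O_CREAT|O_EXCL never follows the link
            refused = True
        with open(target) as handle:
            intact = handle.read() == "important"
        return refused, intact
    finally:
        shutil.rmtree(shared)
```

The converter's intermediate and output files belong in the same private directory, which is removed once the PNG has been read.
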
gajim-0.15-2.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.
gajim-0.15-2.fc15 has been pushed to the Fedora 15 stable repository. If problems still persist, please make note of it in this bug report.
gajim-0.15-2.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report.
gajim-0.14.4-3.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report.