[Secure-testing-team] libfwbuilder8: Security issue with temporary file handling
Sylvestre Ledru
sylvestre at debian.org
Sat Sep 19 10:19:06 UTC 2009
Package: libfwbuilder8
Version: 3.0.5-1
Severity: grave
Tags: security
Justification: user security hole
Upstream says:
This release [3.0.7] fixes security issue with temporary file handling
in the generated iptables script that affects only Linux systems where
Firewall Builder is used to generate static routing configuration.
The problem was introduced in v3.0.4 and is now fixed.
-- System Information:
Debian Release: squeeze/sid
APT prefers testing
APT policy: (600, 'testing'), (500, 'unstable'), (500, 'stable'), (1,
'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.30-1-686-bigmem (SMP w/4 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages libfwbuilder8 depends on:
ii libc6 2.9-25 GNU C Library: Shared
libraries
ii libgcc1 1:4.4.1-1 GCC support library
ii libsnmp15 5.4.1~dfsg-12 SNMP (Simple Network
Management Pr
ii libstdc++6 4.4.1-1 The GNU Standard C++
Library v3
ii libxml2 2.7.4.dfsg-2 GNOME XML library
ii libxslt1.1 1.1.24-2 XSLT processing library -
runtime
ii zlib1g 1:1.2.3.3.dfsg-15 compression library -
runtime
libfwbuilder8 recommends no packages.
libfwbuilder8 suggests no packages.
-- no debconf information
More information about the Secure-testing-team
mailing list