
Elvis-tiny temp file issues



Vulnerability

    elvis

Affected

    Linux

Description

    Topi Miettinen audited elvis-tiny and raised an issue concerning
    the creation and use of temporary files. These files are created
    with a predictable name pattern, and the O_EXCL flag is not used
    when opening them. This makes users of elvis-tiny vulnerable to
    race conditions and/or data loss.

    This problem does not exist in the big elvis package.
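
    The following C program is an added example, not code from the
    advisory or from elvis-tiny. It shows, inside a private scratch
    directory, what the missing O_EXCL flag changes when something
    already occupies the temporary file name. The name elv_1234 and
    all function names are constructed for illustration.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Pattern the advisory describes: predictable name, no O_EXCL.
 * An existing file or symlink at `path` is silently opened and truncated. */
int open_tmp_unsafe(const char *path) {
    return open(path, O_RDWR | O_CREAT | O_TRUNC, 0600);
}

/* Hardened: O_CREAT|O_EXCL fails with EEXIST if anything, including a
 * symlink, already occupies `path`; the caller must pick another name. */
int open_tmp_excl(const char *path) {
    return open(path, O_RDWR | O_CREAT | O_EXCL, 0600);
}

/* Sandbox check: place a symlink at the "temp" name pointing at a file
 * holding 6 bytes, open the temp name, and return the data file's size
 * afterwards (0 = clobbered, 6 = intact, -1 = setup error). */
long size_after_open(int use_excl) {
    char dir[] = "/tmp/tmpdemo.XXXXXX", data[64], tmp[64];
    struct stat st;
    long result = -1;
    if (!mkdtemp(dir)) return -1;
    snprintf(data, sizeof data, "%s/data", dir);
    snprintf(tmp, sizeof tmp, "%s/elv_1234", dir);  /* constructed name */
    int fd = open(data, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd >= 0 && write(fd, "sample", 6) == 6 && symlink(data, tmp) == 0) {
        int t = use_excl ? open_tmp_excl(tmp) : open_tmp_unsafe(tmp);
        if (t >= 0) close(t);
        if (stat(data, &st) == 0) result = (long)st.st_size;
    }
    if (fd >= 0) close(fd);
    unlink(tmp); unlink(data); rmdir(dir);
    return result;
}

int main(void) {
    printf("without O_EXCL: %ld bytes left\n", size_after_open(0));
    printf("with O_EXCL:    %ld bytes left\n", size_after_open(1));
    /* Preferred: mkstemp() picks an unpredictable name and uses O_EXCL. */
    char tmpl[] = "/tmp/elvXXXXXX";
    int fd = mkstemp(tmpl);
    if (fd >= 0) { close(fd); unlink(tmpl); }
    return 0;
}
```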

Solution

    For Debian:

        http://security.debian.org/dists/potato/updates/main/source/elvis-tiny_1.4-10.diff.gz
        http://security.debian.org/dists/potato/updates/main/source/elvis-tiny_1.4-10.dsc
        http://security.debian.org/dists/potato/updates/main/source/elvis-tiny_1.4.orig.tar.gz
        http://security.debian.org/dists/potato/updates/main/binary-alpha/elvis-tiny_1.4-10_alpha.deb
        http://security.debian.org/dists/potato/updates/main/binary-arm/elvis-tiny_1.4-10_arm.deb
        http://security.debian.org/dists/potato/updates/main/binary-i386/elvis-tiny_1.4-10_i386.deb
        http://security.debian.org/dists/potato/updates/main/binary-m68k/elvis-tiny_1.4-10_m68k.deb
        http://security.debian.org/dists/potato/updates/main/binary-powerpc/elvis-tiny_1.4-10_powerpc.deb
        http://security.debian.org/dists/potato/updates/main/binary-sparc/elvis-tiny_1.4-10_sparc.deb
        http://security.debian.org/dists/stable/updates/main/source/ed_0.2-18.1.diff.gz
        http://security.debian.org/dists/stable/updates/main/source/ed_0.2-18.1.dsc
        http://security.debian.org/dists/stable/updates/main/source/ed_0.2.orig.tar.gz
        http://security.debian.org/dists/stable/updates/main/binary-alpha/ed_0.2-18.1_alpha.deb
        http://security.debian.org/dists/stable/updates/main/binary-arm/ed_0.2-18.1_arm.deb
        http://security.debian.org/dists/stable/updates/main/binary-i386/ed_0.2-18.1_i386.deb
        http://security.debian.org/dists/stable/updates/main/binary-m68k/ed_0.2-18.1_m68k.deb
        http://security.debian.org/dists/stable/updates/main/binary-powerpc/ed_0.2-18.1_powerpc.deb
        http://security.debian.org/dists/stable/updates/main/binary-sparc/ed_0.2-18.1_sparc.deb

    For Immunix OS:

        http://www.immunix.org/ImmunixOS/6.2/updates/RPMS/ed-0.2-19.6x_StackGuard.i386.rpm
        http://www.immunix.org/ImmunixOS/6.2/updates/SRPMS/ed-0.2-19.6x_StackGuard.src.rpm
        http://www.immunix.org/ImmunixOS/7.0-beta/updates/RPMS/ed-0.2-19_StackGuard.i386.rpm
        http://www.immunix.org/ImmunixOS/7.0-beta/updates/SRPMS/ed-0.2-19_StackGuard.src.rpm

    For Linux-Mandrake:

        Linux-Mandrake 6.0: 6.0/RPMS/ed-0.2-15.1mdk.i586.rpm
                            6.0/SRPMS/ed-0.2-15.1mdk.src.rpm
        Linux-Mandrake 6.1: 6.1/RPMS/ed-0.2-15.1mdk.i586.rpm
                            6.1/SRPMS/ed-0.2-15.1mdk.src.rpm
        Linux-Mandrake 7.0: 7.0/RPMS/ed-0.2-15.1mdk.i586.rpm
                            7.0/SRPMS/ed-0.2-15.1mdk.src.rpm
        Linux-Mandrake 7.1: 7.1/RPMS/ed-0.2-17.1mdk.i586.rpm
                            7.1/SRPMS/ed-0.2-17.1mdk.src.rpm
        Linux-Mandrake 7.2: 7.2/RPMS/ed-0.2-21.1mdk.i586.rpm
                            7.2/SRPMS/ed-0.2-21.1mdk.src.rpm

    For Red Hat:

        ftp://updates.redhat.com/5.2/alpha/ed-0.2-19.5x.alpha.rpm
        ftp://updates.redhat.com/5.2/sparc/ed-0.2-19.5x.sparc.rpm
        ftp://updates.redhat.com/5.2/i386/ed-0.2-19.5x.i386.rpm
        ftp://updates.redhat.com/5.2/SRPMS/ed-0.2-19.5x.src.rpm
        ftp://updates.redhat.com/6.0/sparc/ed-0.2-19.6x.sparc.rpm
        ftp://updates.redhat.com/6.0/i386/ed-0.2-19.6x.i386.rpm
        ftp://updates.redhat.com/6.0/alpha/ed-0.2-19.6x.alpha.rpm
        ftp://updates.redhat.com/6.0/SRPMS/ed-0.2-19.6x.src.rpm
        ftp://updates.redhat.com/6.1/alpha/ed-0.2-19.6x.alpha.rpm
        ftp://updates.redhat.com/6.1/sparc/ed-0.2-19.6x.sparc.rpm
        ftp://updates.redhat.com/6.1/i386/ed-0.2-19.6x.i386.rpm
        ftp://updates.redhat.com/6.1/SRPMS/ed-0.2-19.6x.src.rpm
        ftp://updates.redhat.com/6.2/alpha/ed-0.2-19.6x.alpha.rpm
        ftp://updates.redhat.com/6.2/sparc/ed-0.2-19.6x.sparc.rpm
        ftp://updates.redhat.com/6.2/i386/ed-0.2-19.6x.i386.rpm
        ftp://updates.redhat.com/6.2/SRPMS/ed-0.2-19.6x.src.rpm
        ftp://updates.redhat.com/7.0/alpha/ed-0.2-19.alpha.rpm
        ftp://updates.redhat.com/7.0/i386/ed-0.2-19.i386.rpm
        ftp://updates.redhat.com/7.0/SRPMS/ed-0.2-19.src.rpm

    For Conectiva Linux:

        ftp://atualizacoes.conectiva.com.br/4.0/SRPMS/ed-0.2-17cl.src.rpm
        ftp://atualizacoes.conectiva.com.br/4.0/i386/ed-0.2-17cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/4.0es/SRPMS/ed-0.2-17cl.src.rpm
        ftp://atualizacoes.conectiva.com.br/4.0es/i386/ed-0.2-17cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/4.1/SRPMS/ed-0.2-17cl.src.rpm
        ftp://atualizacoes.conectiva.com.br/4.1/i386/ed-0.2-17cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/4.2/SRPMS/ed-0.2-17cl.src.rpm
        ftp://atualizacoes.conectiva.com.br/4.2/i386/ed-0.2-17cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/5.0/SRPMS/ed-0.2-17cl.src.rpm
        ftp://atualizacoes.conectiva.com.br/5.0/i386/ed-0.2-17cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/5.1/SRPMS/ed-0.2-17cl.src.rpm
        ftp://atualizacoes.conectiva.com.br/5.1/i386/ed-0.2-17cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/6.0/SRPMS/ed-0.2-17cl.src.rpm
        ftp://atualizacoes.conectiva.com.br/6.0/RPMS/ed-0.2-17cl.i386.rpm

    For Trustix Linux:

        For version 1.2: ed-0.2-17tr.i586.rpm
                         ed-0.2-17tr.src.rpm
        For version 1.1 and 1.0:
                         ed-0.2-17tr.i586.rpm
                         ed-0.2-17tr.src.rpm

    Get these updates at:

        ftp://ftp.trustix.net/pub/Trustix/updates/
        http://www.trustix.net/pub/Trustix/updates/

    Users of 1.0x and 1.1 should go to the 1.1 directory, while users
    of 1.2 should use the packages available in the 1.2 directory.

