Vulnerability

    elvis

Affected

    Linux

Description

    Topi Miettinen audited elvis-tiny and raised an issue covering the use and creation of temporary files. Those files are created with a predictable pattern, and the O_EXCL flag is not used when opening them. This makes users of elvis-tiny vulnerable to race conditions and/or data loss. This problem does not exist in the big elvis package.

Solution

    For Debian:

        http://security.debian.org/dists/potato/updates/main/source/elvis-tiny_1.4-10.diff.gz
        http://security.debian.org/dists/potato/updates/main/source/elvis-tiny_1.4-10.dsc
        http://security.debian.org/dists/potato/updates/main/source/elvis-tiny_1.4.orig.tar.gz
        http://security.debian.org/dists/potato/updates/main/binary-alpha/elvis-tiny_1.4-10_alpha.deb
        http://security.debian.org/dists/potato/updates/main/binary-arm/elvis-tiny_1.4-10_arm.deb
        http://security.debian.org/dists/potato/updates/main/binary-i386/elvis-tiny_1.4-10_i386.deb
        http://security.debian.org/dists/potato/updates/main/binary-m68k/elvis-tiny_1.4-10_m68k.deb
        http://security.debian.org/dists/potato/updates/main/binary-powerpc/elvis-tiny_1.4-10_powerpc.deb
        http://security.debian.org/dists/potato/updates/main/binary-sparc/elvis-tiny_1.4-10_sparc.deb
        http://security.debian.org/dists/stable/updates/main/source/ed_0.2-18.1.diff.gz
        http://security.debian.org/dists/stable/updates/main/source/ed_0.2-18.1.dsc
        http://security.debian.org/dists/stable/updates/main/source/ed_0.2.orig.tar.gz
        http://security.debian.org/dists/stable/updates/main/binary-alpha/ed_0.2-18.1_alpha.deb
        http://security.debian.org/dists/stable/updates/main/binary-arm/ed_0.2-18.1_arm.deb
        http://security.debian.org/dists/stable/updates/main/binary-i386/ed_0.2-18.1_i386.deb
        http://security.debian.org/dists/stable/updates/main/binary-m68k/ed_0.2-18.1_m68k.deb
        http://security.debian.org/dists/stable/updates/main/binary-powerpc/ed_0.2-18.1_powerpc.deb
        http://security.debian.org/dists/stable/updates/main/binary-sparc/ed_0.2-18.1_sparc.deb

    For Immunix OS:

        http://www.immunix.org/ImmunixOS/6.2/updates/RPMS/ed-0.2-19.6x_StackGuard.i386.rpm
        http://www.immunix.org/ImmunixOS/6.2/updates/SRPMS/ed-0.2-19.6x_StackGuard.src.rpm
        http://www.immunix.org/ImmunixOS/7.0-beta/updates/RPMS/ed-0.2-19_StackGuard.i386.rpm
        http://www.immunix.org/ImmunixOS/7.0-beta/updates/SRPMS/ed-0.2-19_StackGuard.src.rpm

    For Linux-Mandrake:

        Linux-Mandrake 6.0:
            6.0/RPMS/ed-0.2-15.1mdk.i586.rpm
            6.0/SRPMS/ed-0.2-15.1mdk.src.rpm
        Linux-Mandrake 6.1:
            6.1/RPMS/ed-0.2-15.1mdk.i586.rpm
            6.1/SRPMS/ed-0.2-15.1mdk.src.rpm
        Linux-Mandrake 7.0:
            7.0/RPMS/ed-0.2-15.1mdk.i586.rpm
            7.0/SRPMS/ed-0.2-15.1mdk.src.rpm
        Linux-Mandrake 7.1:
            7.1/RPMS/ed-0.2-17.1mdk.i586.rpm
            7.1/SRPMS/ed-0.2-17.1mdk.src.rpm
        Linux-Mandrake 7.2:
            7.2/RPMS/ed-0.2-21.1mdk.i586.rpm
            7.2/SRPMS/ed-0.2-21.1mdk.src.rpm

    For Red Hat:

        ftp://updates.redhat.com/5.2/alpha/ed-0.2-19.5x.alpha.rpm
        ftp://updates.redhat.com/5.2/sparc/ed-0.2-19.5x.sparc.rpm
        ftp://updates.redhat.com/5.2/i386/ed-0.2-19.5x.i386.rpm
        ftp://updates.redhat.com/5.2/SRPMS/ed-0.2-19.5x.src.rpm
        ftp://updates.redhat.com/6.0/sparc/ed-0.2-19.6x.sparc.rpm
        ftp://updates.redhat.com/6.0/i386/ed-0.2-19.6x.i386.rpm
        ftp://updates.redhat.com/6.0/alpha/ed-0.2-19.6x.alpha.rpm
        ftp://updates.redhat.com/6.0/SRPMS/ed-0.2-19.6x.src.rpm
        ftp://updates.redhat.com/6.1/alpha/ed-0.2-19.6x.alpha.rpm
        ftp://updates.redhat.com/6.1/sparc/ed-0.2-19.6x.sparc.rpm
        ftp://updates.redhat.com/6.1/i386/ed-0.2-19.6x.i386.rpm
        ftp://updates.redhat.com/6.1/SRPMS/ed-0.2-19.6x.src.rpm
        ftp://updates.redhat.com/6.2/alpha/ed-0.2-19.6x.alpha.rpm
        ftp://updates.redhat.com/6.2/sparc/ed-0.2-19.6x.sparc.rpm
        ftp://updates.redhat.com/6.2/i386/ed-0.2-19.6x.i386.rpm
        ftp://updates.redhat.com/6.2/SRPMS/ed-0.2-19.6x.src.rpm
        ftp://updates.redhat.com/7.0/alpha/ed-0.2-19.alpha.rpm
        ftp://updates.redhat.com/7.0/i386/ed-0.2-19.i386.rpm
        ftp://updates.redhat.com/7.0/SRPMS/ed-0.2-19.src.rpm

    For Conectiva Linux:

        ftp://atualizacoes.conectiva.com.br/4.0/SRPMS/ed-0.2-17cl.src.rpm
        ftp://atualizacoes.conectiva.com.br/4.0/i386/ed-0.2-17cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/4.0es/SRPMS/ed-0.2-17cl.src.rpm
        ftp://atualizacoes.conectiva.com.br/4.0es/i386/ed-0.2-17cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/4.1/SRPMS/ed-0.2-17cl.src.rpm
        ftp://atualizacoes.conectiva.com.br/4.1/i386/ed-0.2-17cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/4.2/SRPMS/ed-0.2-17cl.src.rpm
        ftp://atualizacoes.conectiva.com.br/4.2/i386/ed-0.2-17cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/5.0/SRPMS/ed-0.2-17cl.src.rpm
        ftp://atualizacoes.conectiva.com.br/5.0/i386/ed-0.2-17cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/5.1/SRPMS/ed-0.2-17cl.src.rpm
        ftp://atualizacoes.conectiva.com.br/5.1/i386/ed-0.2-17cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/6.0/SRPMS/ed-0.2-17cl.src.rpm
        ftp://atualizacoes.conectiva.com.br/6.0/RPMS/ed-0.2-17cl.i386.rpm

    For Trustix Linux:

        For version 1.2:
            ed-0.2-17tr.i586.rpm
            ed-0.2-17tr.src.rpm
        For version 1.1 and 1.0:
            ed-0.2-17tr.i586.rpm
            ed-0.2-17tr.src.rpm

        Get these updates at:
            ftp://ftp.trustix.net/pub/Trustix/updates/
            http://www.trustix.net/pub/Trustix/updates/

        Users of 1.0x and 1.1 should go to the 1.1 directory, while users of 1.2 should use the packages available in the 1.2 directory.
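
The temporary-file problem in the Description, shown as an added example (not code from elvis-tiny or from any of the vendor patches): an open without O_EXCL next to one with it, run against a name that is already taken. The scratch directory, the file name elv1234 and all function names are assumptions made for the illustration.

```c
#define _DEFAULT_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Pattern the advisory describes: predictable name, no O_EXCL. An existing
 * file at that name is opened and truncated instead of being refused. */
int open_tmp_unsafe(const char *path)
{
    return open(path, O_RDWR | O_CREAT | O_TRUNC, 0600);
}

/* O_CREAT|O_EXCL: creation is atomic and fails with EEXIST if the name is
 * already taken (a symbolic link at that name is refused, not followed). */
int open_tmp_excl(const char *path)
{
    return open(path, O_RDWR | O_CREAT | O_EXCL, 0600);
}

/* Returns a bitmask: 1 = O_EXCL open refused the existing name,
 * 2 = unsafe open emptied the existing file. -1 on setup failure. */
int tmpfile_demo(void)
{
    char dir[] = "/tmp/tmpdemo-XXXXXX";   /* constructed scratch directory */
    char path[64];
    struct stat st;
    int fd, result = 0;
    if (mkdtemp(dir) == NULL) return -1;
    snprintf(path, sizeof path, "%s/elv1234", dir);  /* made-up fixed name */
    fd = open(path, O_WRONLY | O_CREAT, 0600);       /* pre-existing file */
    if (fd < 0 || write(fd, "draft", 5) != 5) return -1;
    close(fd);

    fd = open_tmp_excl(path);
    if (fd == -1 && errno == EEXIST) result |= 1;
    if (fd >= 0) close(fd);

    fd = open_tmp_unsafe(path);
    if (fd >= 0 && fstat(fd, &st) == 0 && st.st_size == 0) result |= 2;
    if (fd >= 0) close(fd);

    unlink(path); rmdir(dir);
    return result;
}

int main(void) { printf("result mask: %d\n", tmpfile_demo()); return 0; }
```

On a POSIX system, mkstemp() combines an unpredictable name with the same O_CREAT|O_EXCL semantics and is the usual replacement for hand-built temporary file names.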