OpenPKG CVS Repository
http://cvs.openpkg.org/
____________________________________________________________________________
Server: cvs.openpkg.org Name: Ralf S. Engelschall
Root: /e/openpkg/cvs Email: [EMAIL PROTECTED]
Module: openpkg-web Date: 08-Mar-2004 15:32:22
Branch: HEAD Handle: 2004030814322100
Modified files:
openpkg-web/security OpenPKG-SA-2004.004-libtool.txt
Log:
flush pending changes
Summary:
Revision Changes Path
1.2 +14 -21 openpkg-web/security/OpenPKG-SA-2004.004-libtool.txt
____________________________________________________________________________
patch -p0 <<'@@ .'
Index: openpkg-web/security/OpenPKG-SA-2004.004-libtool.txt
============================================================================
$ cvs diff -u -r1.1 -r1.2 OpenPKG-SA-2004.004-libtool.txt
--- openpkg-web/security/OpenPKG-SA-2004.004-libtool.txt 8 Mar 2004 14:09:51
-0000 1.1
+++ openpkg-web/security/OpenPKG-SA-2004.004-libtool.txt 8 Mar 2004 14:32:21
-0000 1.2
@@ -1,6 +1,3 @@
-
-
-
________________________________________________________________________
OpenPKG Security Advisory The OpenPKG Project
@@ -14,28 +11,27 @@
OpenPKG Specific: no
Affected Releases: Affected Packages: Corrected Packages:
-OpenPKG CURRENT <= libtool-1.5.2-20040207 >= libtool-1.5.2-20040308
-OpenPKG 2.0 <= libtool-1.5.2-2.0.0 >= libtool-1.5.2-2.0.1
-OpenPKG 1.3 <= libtool-1.5-1.3.0 >= libtool-1.5-1.3.1
+OpenPKG CURRENT <= libtool-1.5.2-20040207 >= libtool-1.5.2-20040308
+OpenPKG 2.0 <= libtool-1.5.2-2.0.0 >= libtool-1.5.2-2.0.1
+OpenPKG 1.3 <= libtool-1.5-1.3.0 >= libtool-1.5-1.3.1
Dependent Packages: none
Description:
- According to a posting on Bugtraq [0], a issue regarding the insecure
- creation of a temporary directory issue exists in libtool [1] versions
- before 1.5.2. Use of mkdir(1) along with -p option makes libtool
+ According to a posting on Bugtraq [0], an issue regarding the insecure
+ creation of a temporary directory exists in GNU libtool [1] versions
+ before 1.5.2. Use of mkdir(1) along with option "-p" makes libtool
vulnerable to symlink attacks. Stefan Nordhausen commited a fix that
- removes use of the -p option in 1.5.2. Discussion on Bugtraq further
- indicates that a additional race condition issue exists in the same
- context using chmod(1) which was reported by Joseph S. Myers back in
+ removes the use of option "-p" in version 1.5.2. Discussion on Bugtraq
+ further indicates that an additional race condition issue exists in
+ the same context using chmod(1), reported by Joseph S. Myers back in
March 2000 [2]. The updated OpenPKG versions of libtool contain fixes
for both issues.
-
- Please check whether you are affected by running "<prefix>/bin/rpm
- -q libtool". If you have the "libtool" package installed and its version
- is affected (see above), we recommend that you immediately upgrade
- it (see Solution) and it's dependent packages (see above), if any,
- too. [3][4]
+
+ Please check whether you are affected by running "<prefix>/bin/rpm -q
+ libtool". If you have the "libtool" package installed and its version
+ is affected (see above), we recommend that you immediately upgrade it
+ (see Solution). [3][4]
Solution:
Select the updated source RPM appropriate for your OpenPKG release
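Review bot: the rewritten Description still says the mkdir(1) "-p" problem exists in "versions before 1.5.2" and was fixed "in version 1.5.2", yet the table a few lines above lists libtool-1.5.2-20040207 and libtool-1.5.2-2.0.0 as affected. A reader cannot tell from the text why 1.5.2-based packages need the update. If the reason is the chmod(1) race mentioned in the next sentence, say so explicitly, for example by stating that 1.5.2 is still affected by that second issue. Also, since this hunk is a grammar pass ("a issue" to "an issue", "a additional" to "an additional"), the unchanged line between the rewritten ones still reads "Stefan Nordhausen commited a fix"; change it to "committed" in the same revision.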
@@ -55,9 +51,6 @@
$ <prefix>/bin/openpkg rpm --rebuild libtool-1.5.2-2.0.1.src.rpm
$ su -
# <prefix>/bin/openpkg rpm -Fvh <prefix>/RPM/PKG/libtool-1.5.2-2.0.1.*.rpm
-
- Additionally, we recommend that you rebuild and reinstall
- all dependent packages (see above), if any, too. [3][4]
________________________________________________________________________
References:
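Review bot: removing the closing paragraph of the Solution section drops one of the two places that cited [3][4], so those references are now reached only from the Description's "upgrade it (see Solution). [3][4]" sentence. The removal itself matches "Dependent Packages: none", but check that the [3] and [4] entries under References still fit that one remaining citation and do not describe rebuilding dependent packages, which the advisory no longer asks for.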
@@ .
______________________________________________________________________
The OpenPKG Project www.openpkg.org
CVS Repository Commit List [EMAIL PROTECTED]