-----BEGIN PGP SIGNED MESSAGE-----

The maintainer of Debian GNU/Linux cfengine package found a error
in the way cfengine handles temporary files when it runs the tidy
action on homedirectories, which makes it suspectible to a symlink
attack. The author has been notified of the problem but has not
released a fix yet.

We recommend you upgrade your cfengine package immediately.

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

Debian GNU/Linux 2.0 alias hamm
- -------------------------------

  This version of Debian was released only for the Intel and the
  Motorola 680x0 architecture.

  Source archives:
    _1.4.9.orig.tar.gz
	  MD5 checksum: 9c952524f2ce0a3dae6728f63d28a3ce
    .4.9-3.diff.gz
      MD5 checksum: 9de13ab36791319a846f5d50248b8ed5
    -3.dsc
      MD5 checksum: 6d5f1d2c10ec0a0eeef07dd73244bb44

  Intel architecture:
          MD5 checksum: c935781e39141fdcc5b3e3e7a1b5ac7b

  Motorola 680x0 architecture:
          MD5 checksum: 8628802255c66796f8acd3fe1844bb0b


For not yet released architectures please refer to the appropriate
directory  .

- -- 
Debian GNU/Linux      .    Security Managers     .   security@debian.org
              debian-security-announce@lists.debian.org
  Christian Hudon     .     Wichert Akkerman     .     Martin Schulze
   .     .   


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv

iQB1AwUBNsi3eKjZR/ntlUftAQGr9gL/UW53toFW/wGR2XidybaqwVVUWAWOo/dd
U3w5QTSkRXIdrLQBnxtYDWvY7L9Re1nQDrVBekyTqlBb3smhgIP3kpjWC+U/wbhy
/3l3B8ifja39Wwktg4OhCEwfTM7D+SId
=Lfxs
-----END PGP SIGNATURE-----

New versions of cfengine fixes symlink attack

December 13, 1999
The maintainer of Debian GNU/Linux cfengine package found a error in the way cfengine handles temporary files when it runs the tidy action on homedirectories, which makes it suspec...

Summary

The maintainer of Debian GNU/Linux cfengine package found a error
in the way cfengine handles temporary files when it runs the tidy
action on homedirectories, which makes it suspectible to a symlink
attack. The author has been notified of the problem but has not
released a fix yet.

We recommend you upgrade your cfengine package immediately.

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

Debian GNU/Linux 2.0 alias hamm

This version of Debian was released only for the Intel and the
Motorola 680x0 architecture.

Source archives:
_1.4.9.orig.tar.gz
MD5 checksum: 9c952524f2ce0a3dae6728f63d28a3ce
.4.9-3.diff.gz
MD5 checksum: 9de13ab36791319a846f5d50248b8ed5
-3.dsc
MD5 checksum: 6d5f1d2c10ec0a0eeef07dd73244bb44

Intel architecture:
MD5 checksum: c935781e39141fdcc5b3e3e7a1b5ac7b

Motorola 680x0 architecture:
MD5 checksum: 8628802255c66796f8acd3fe1844bb0b


For not yet released architectures please refer to the appropriate
directory .

- --
Debian GNU/Linux . Security Managers . security@debian.org
debian-security-announce@lists.debian.org
Christian Hudon . Wichert Akkerman . Martin Schulze
. .


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv

iQB1AwUBNsi3eKjZR/ntlUftAQGr9gL/UW53toFW/wGR2XidybaqwVVUWAWOo/dd
U3w5QTSkRXIdrLQBnxtYDWvY7L9Re1nQDrVBekyTqlBb3smhgIP3kpjWC+U/wbhy
/3l3B8ifja39Wwktg4OhCEwfTM7D+SId
=Lfxs
-----END PGP SIGNATURE-----




Severity
-----BEGIN PGP SIGNED MESSAGE-----

Related News

5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
11.Locks IsometricPattern Esm H320
2 - 3 min read
Open Source maintainers and developers have been warned about the continued wave of attacks aimed at project maintainers similar to those recently
28.Lock Globe Esm H320
1 - 2 min read
A resurgence of cyberattacks targeting Linux systems in Asian campaigns through the utilization of the Pupy Remote Access Trojan (RAT) has been
27.Tablet Connections Blocks Lock Esm H320
2 - 4 min read
Canonical has recently announced the Beta release of Ubuntu Linux 24.04 LTS , codenamed "Noble Numbat." This release aims to continue Ubuntu's
21.Globe RadiatingCode Esm H320
2 - 3 min read
The open-source movement has come a long way, from its origins in the 1960s and 1970s to becoming an integral part of organizations worldwide.
13.Lock StylizedMotherboard Esm H320
2 - 3 min read
The Rust-based Edera project demonstrates a unique approach to container security that addresses cloud-native computing challenges. Let's examine
8.Locks HexConnections CodeGlobe Esm H320
2 - 3 min read
Canonical has launched Ubuntu Pro for Devices , a comprehensive offering emphasizing security and compliance for IoT device deployments. This
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved