Debian Security Advisory

DSA-622-1 htmlheadline -- insecure temporary files

Date Reported:
03 Jan 2005
Affected Packages:
Security database references:
In Mitre's CVE dictionary: CVE-2004-1181.
More information:

Javier Fernández-Sanguino Peña from the Debian Security Audit Project has discovered multiple insecure uses of temporary files that could lead to overwriting arbitrary files via a symlink attack.

For the stable distribution (woody) these problems have been fixed in version 21.8-3.

The unstable distribution (sid) does not contain this package.

We recommend that you upgrade your htmlheadline package.

Fixed in:

Debian GNU/Linux 3.0 (woody)

Architecture-independent component:

MD5 checksums of the listed files are available in the original advisory.