Debian Security Advisory
DSA-622-1 htmlheadline -- insecure temporary files
- Date Reported:
- 03 Jan 2005
- Affected Packages:
- Security database references:
- In Mitre's CVE dictionary: CVE-2004-1181.
- More information:
Javier Fernández-Sanguino Peña from the Debian Security Audit Project has discovered multiple insecure uses of temporary files that could lead to overwriting arbitrary files via a symlink attack.
For the stable distribution (woody) these problems have been fixed in version 21.8-3.
The unstable distribution (sid) does not contain this package.
We recommend that you upgrade your htmlheadline package.
- Fixed in:
Debian GNU/Linux 3.0 (woody)
- Architecture-independent component:
MD5 checksums of the listed files are available in the original advisory.