Debian Security Advisory
DSA-622-1 htmlheadline -- insecure temporary files
- Date Reported:
- 03 Jan 2005
- Affected Packages:
- htmlheadline
- Vulnerable:
- Yes
- Security database references:
- In Mitre's CVE dictionary: CVE-2004-1181.
- More information:
-
Javier Fernández-Sanguino Peña from the Debian Security Audit Project has discovered multiple insecure uses of temporary files that could lead to overwriting arbitrary files via a symlink attack.
For the stable distribution (woody) these problems have been fixed in version 21.8-3.
The unstable distribution (sid) does not contain this package.
We recommend that you upgrade your htmlheadline package.
- Fixed in:
-
Debian GNU/Linux 3.0 (woody)
- Source:
- http://security.debian.org/pool/updates/main/h/htmlheadline/htmlheadline_21.8-3.dsc
- http://security.debian.org/pool/updates/main/h/htmlheadline/htmlheadline_21.8-3.diff.gz
- http://security.debian.org/pool/updates/main/h/htmlheadline/htmlheadline_21.8.orig.tar.gz
- http://security.debian.org/pool/updates/main/h/htmlheadline/htmlheadline_21.8-3.diff.gz
- Architecture-independent component:
- http://security.debian.org/pool/updates/main/h/htmlheadline/htmlheadline_21.8-3_all.deb
MD5 checksums of the listed files are available in the original advisory.