Debian Security Advisory
DSA-1643-1 feta -- insecure temp file handling
- Date Reported:
- 05 Oct 2008
- Affected Packages:
- feta
- Vulnerable:
- Yes
- Security database references:
- In the Debian bugtracking system: Bug 496397.
In Mitre's CVE dictionary: CVE-2008-4440. - More information:
-
Dmitry E. Oboukhov discovered that the "to-upgrade" plugin of Feta, a simpler interface to APT, dpkg, and other Debian package tools creates temporary files insecurely, which may lead to local denial of service through symlink attacks.
For the stable distribution (etch), this problem has been fixed in version 1.4.15+etch1.
For the unstable distribution (sid), this problem has been fixed in version 1.4.16+nmu1.
We recommend that you upgrade your feta package.
- Fixed in:
-
Debian GNU/Linux 4.0 (etch)
- Source:
- http://security.debian.org/pool/updates/main/f/feta/feta_1.4.15+etch1.dsc
- http://security.debian.org/pool/updates/main/f/feta/feta_1.4.15+etch1.tar.gz
- http://security.debian.org/pool/updates/main/f/feta/feta_1.4.15+etch1.tar.gz
- Architecture-independent component:
- http://security.debian.org/pool/updates/main/f/feta/feta_1.4.15+etch1_all.deb
MD5 checksums of the listed files are available in the original advisory.