Paketname
gnucash
Datum
2007-02-21
Advisory ID
MDKSA-2007:046
Betroffene Versionen
2007.0 x86_64 , 2007.0 i586

Problembeschreibung

Gnucash 2.0.4 and earlier allows local users to overwrite arbitrary
files via a symlink attack on the (1) gnucash.trace, (2) qof.trace,
and (3) qof.trace.[PID] temporary files.

Updated package have been patched to correct this issue.

Aktualisierte Pakete

2007.0 x86_64

 5e30146412acbec8657a8f4590146279  2007.0/x86_64/gnucash-2.0.1-1.1mdv2007.0.x86_64.rpm
 725b0c74c9335e4698e634ebc34788da  2007.0/x86_64/gnucash-hbci-2.0.1-1.1mdv2007.0.x86_64.rpm
 15c729b3a02cef72a3b1e019a2a17415  2007.0/x86_64/gnucash-ofx-2.0.1-1.1mdv2007.0.x86_64.rpm
 00724c0891a6e67973c6c9bce8dc25a3  2007.0/x86_64/gnucash-sql-2.0.1-1.1mdv2007.0.x86_64.rpm
 db2b23ba27b6651b0452cfa7463b8e4e  2007.0/x86_64/lib64gnucash0-2.0.1-1.1mdv2007.0.x86_64.rpm
 c97bf9c1d352b89f59572c1762fd5930  2007.0/x86_64/lib64gnucash0-devel-2.0.1-1.1mdv2007.0.x86_64.rpm 
 ae715153145554dab009d40e68148ce7  2007.0/SRPMS/gnucash-2.0.1-1.1mdv2007.0.src.rpm

2007.0 i586

 a8b619c62b08ffe1a0a94123450c9182  2007.0/i586/gnucash-2.0.1-1.1mdv2007.0.i586.rpm
 4670eabd1f6b6ac60d6c0fa6bbf86fae  2007.0/i586/gnucash-hbci-2.0.1-1.1mdv2007.0.i586.rpm
 071c5a28526cc29b99d47485d95b5115  2007.0/i586/gnucash-ofx-2.0.1-1.1mdv2007.0.i586.rpm
 fa58ac7785e11552ad48bc35427ee689  2007.0/i586/gnucash-sql-2.0.1-1.1mdv2007.0.i586.rpm
 3f8f689dd645e73822bd5baa6ba4db1f  2007.0/i586/libgnucash0-2.0.1-1.1mdv2007.0.i586.rpm
 336f63153412b508077cc655d6ce9e76  2007.0/i586/libgnucash0-devel-2.0.1-1.1mdv2007.0.i586.rpm 
 ae715153145554dab009d40e68148ce7  2007.0/SRPMS/gnucash-2.0.1-1.1mdv2007.0.src.rpm

Referenzen