Package name
Advisory ID
Affected versions
7.1 i586 , CS1.0 i586

Problem description

Insecure handling of temporary file permissions can lead to other users on a multi-user system being able to read the documents being converted. This is due to sgml-tools creating temporary files without any special permissions. The updated packages create a secure temporary directory first, which is readable only by the owner, and then create the temporary files in that secure directory. Update: The packages for Linux-Mandrake 7.1 and Corporate Server 1.0.1 had a dependency on the wrong version of sgml-common which made it impossible to upgrade the software. New packages have been released that fix this problem.

Updated packages

7.1 i586

 35e8e14047ac5710274e803bc7bd3e7c  7.1/RPMS/sgml-tools-1.0.9-8.3mdk.i586.rpm
02d2fa1b6a56a7c8dc2decfb9339d2a6  7.1/SRPMS/sgml-tools-1.0.9-8.3mdk.src.rpm

CS1.0 i586

 35e8e14047ac5710274e803bc7bd3e7c  1.0.1/RPMS/sgml-tools-1.0.9-8.3mdk.i586.rpm
02d2fa1b6a56a7c8dc2decfb9339d2a6  1.0.1/SRPMS/sgml-tools-1.0.9-8.3mdk.src.rpm