MDKSA-2001:030-1
- Package name
- sgml-tools
- Date
- 2001-03-20
- Advisory ID
- MDKSA-2001:030-1
- Affected versions
- 7.1 i586 , CS1.0 i586
Problem description
Insecure handling of temporary file permissions can lead to other users on a multi-user system being able to read the documents being converted. This is due to sgml-tools creating temporary files without any special permissions. The updated packages create a secure temporary directory first, which is readable only by the owner, and then create the temporary files in that secure directory. Update: The packages for Linux-Mandrake 7.1 and Corporate Server 1.0.1 had a dependency on the wrong version of sgml-common which made it impossible to upgrade the software. New packages have been released that fix this problem.
Updated packages
7.1 i586
35e8e14047ac5710274e803bc7bd3e7c 7.1/RPMS/sgml-tools-1.0.9-8.3mdk.i586.rpm 02d2fa1b6a56a7c8dc2decfb9339d2a6 7.1/SRPMS/sgml-tools-1.0.9-8.3mdk.src.rpm
CS1.0 i586
35e8e14047ac5710274e803bc7bd3e7c 1.0.1/RPMS/sgml-tools-1.0.9-8.3mdk.i586.rpm 02d2fa1b6a56a7c8dc2decfb9339d2a6 1.0.1/SRPMS/sgml-tools-1.0.9-8.3mdk.src.rpm