- Package name
- Advisory ID
- Affected versions
- 8.0 i586
Jarno Juuskonen reported that a temporary file vulnerability exists in versions of Tripwire prior to 2.3.1-2. Because Tripwire opens/creates temporary files in /tmp without the O_EXCL flag during filesystem scanning and database updating, a malicious user could execute a symlink attack against the temporary files. This new version has all but one unsafe temporary file open fixed. It can still be used safely when using the new TEMPDIRECTORY configuration option, which is now set to /root/tmp.
0044f1e76408952671b9cff40e8cc054 8.0/RPMS/tripwire-220.127.116.11-2.2mdk.i586.rpm cae6fad50b3e382dbcf73306a9b0ec91 8.0/SRPMS/tripwire-18.104.22.168-2.2mdk.src.rpm