MDKSA-2001:087

Package name

expect

Date

2001-11-21

Advisory ID

MDKSA-2001:087

Affected versions

8.1 i586

Problem description

A packaging problem that can lead to a root compromise existed in the expect package as provided in Mandrake Linux 8.1. expect would look for libraries in the directory /home/snailtalk/tmp/tcltk-root/usr/lib before any other and if such a user existed on the system, with rogue libraries, if root were to execute expect, a compromise could occur.

Updated packages

8.1 i586

 ae0c68032ee45c214fb7335ebb4dcd0d  8.1/RPMS/expect-8.3.3-9.1mdk.i586.rpm
9a9f9a5ca12504bbc45bff29a1029540  8.1/SRPMS/tcltk-8.3.3-9.1mdk.src.rpm