Nome do pacote
sympa
Data
2009-10-09
ID Alerta
MDVSA-2009:263
Versões afetadas
MES5 i586 , CS4.0 i586 , CS4.0 x86_64 , 2008.1 x86_64 , 2008.1 i586 , MES5 x86_64

Descrição do problema

A vulnerability has been found and corrected in sympa:

sympa.pl in sympa 5.3.4 allows local users to overwrite arbitrary
files via a symlink attack on a temporary file. NOTE: wwsympa.fcgi
was also reported, but the issue occurred in a dead function, so it
is not a vulnerability (CVE-2008-4476).

This update fixes this vulnerability.

Pacotes atualizados

MES5 i586

 1a96b150b82383fd6d39d20c213fd108  mes5/i586/sympa-5.4.3-2.1mdvmes5.i586.rpm 
 39b4ae91d2b3f71ec03b06b140d7bcd6  mes5/SRPMS/sympa-5.4.3-2.1mdvmes5.src.rpm

CS4.0 i586

 0a215faa19cdafd9e6b4629cae8e7e88  corporate/4.0/i586/sympa-5.1.0-2.2.20060mlcs4.i586.rpm 
 843e221a88b9c00b5e039a6e5ae329e6  corporate/4.0/SRPMS/sympa-5.1.0-2.2.20060mlcs4.src.rpm

CS4.0 x86_64

 af19cee9ddb9da2d457b929658d59411  corporate/4.0/x86_64/sympa-5.1.0-2.2.20060mlcs4.x86_64.rpm 
 843e221a88b9c00b5e039a6e5ae329e6  corporate/4.0/SRPMS/sympa-5.1.0-2.2.20060mlcs4.src.rpm

2008.1 x86_64

 5a0919e4c9be46728d793f507e48f14f  2008.1/x86_64/sympa-5.3.4-2.1mdv2008.1.x86_64.rpm 
 86739466370bfdd2203d43a2148f2c36  2008.1/SRPMS/sympa-5.3.4-2.1mdv2008.1.src.rpm

2008.1 i586

 fc8a2252a6bb28187ab63e67b3b765a9  2008.1/i586/sympa-5.3.4-2.1mdv2008.1.i586.rpm 
 86739466370bfdd2203d43a2148f2c36  2008.1/SRPMS/sympa-5.3.4-2.1mdv2008.1.src.rpm

MES5 x86_64

 ae2a17752bc9e29425b1aea5003d2805  mes5/x86_64/sympa-5.4.3-2.1mdvmes5.x86_64.rpm 
 39b4ae91d2b3f71ec03b06b140d7bcd6  mes5/SRPMS/sympa-5.4.3-2.1mdvmes5.src.rpm

Referências