Package name
rpmdevtools
Date
2013-04-10
Advisory ID
MDVSA-2013:123
Affected versions
MBS1 x86_64

Problem description

Updated rpmdevtools package fixes security vulnerability:

A TOCTOU race condition was found in the way 'annotate-output' (used
to execute a program annotating the output linewise with time and
stream) tool of rpmdevtools before 8.3 performed management of its
temporary files used for standard output and standard error output. A
local attacker could use this flaw to conduct symbolic link attacks,
possibly leading to their ability in an unauthorized way to alter
files belonging to the user running the 'annotate-output' tool
(CVE-2012-3500).

Updated packages

MBS1 x86_64

 71b23cbb10bd646ca4ba1f5e772f77a1  mbs1/x86_64/rpmdevtools-8.3-1.mbs1.noarch.rpm 
 fa512beb5677542a86236f63262a9b91  mbs1/SRPMS/rpmdevtools-8.3-1.mbs1.src.rpm

References