Debian Bug report logs - #509279
CVE-2008-5374: insecure temp file handling


Package: bash-doc; Maintainer for bash-doc is Matthias Klose <doko@debian.org>; Source for bash-doc is src:bash.

Reported by: Steffen Joeris <steffen.joeris@skolelinux.de>

Date: Sat, 20 Dec 2008 19:03:01 UTC

Severity: important

Tags: patch, security

Fixed in version bash/4.0-2

Done: Matthias Klose <doko@debian.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, Matthias Klose <doko@debian.org>:
Bug#509279; Package bash-doc. (Sat, 20 Dec 2008 19:03:03 GMT)


Acknowledgement sent to Steffen Joeris <steffen.joeris@skolelinux.de>:
New Bug report received and forwarded. Copy sent to Matthias Klose <doko@debian.org>. (Sat, 20 Dec 2008 19:03:04 GMT)


Message #5 received at submit@bugs.debian.org:

From: Steffen Joeris <steffen.joeris@skolelinux.de>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CVE-2008-5374: insecure temp file handling
Date: Sat, 20 Dec 2008 19:57:02 +0100
Package: bash-doc
Severity: normal
Tags: security

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for cmus.

CVE-2008-5374[0]:
| bash-doc 3.2 allows local users to overwrite arbitrary files via a
| symlink attack on a /tmp/cb#####.? temporary file, related to the (1)
| aliasconv.sh, (2) aliasconv.bash, and (3) cshtobash scripts.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

Cheers
Steffen

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5374
    http://security-tracker.debian.net/tracker/CVE-2008-5374
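
The attack class the CVE text above describes, as an added example that is not part of this bug log or of the bash-doc scripts (aliasconv.sh, aliasconv.bash, cshtobash): a script that writes to a predictable `/tmp/cb<pid>.<letter>` name with plain `>` redirection, the symlink another local user plants there beforehand, and the same write done through mktemp(1). Everything is constructed for the demo: the scratch directory stands in for a world-writable /tmp, the `victim` file, the `cb$$.a` name and the function names are assumptions, and the real example scripts' code is not reproduced.

```shell
#!/bin/sh
# Added example: not code from the Debian bug log or from the bash-doc example
# scripts. It reproduces the bug class CVE-2008-5374 describes (a predictable
# /tmp name written through a planted symlink) and the mktemp(1) fix, inside a
# private scratch directory that stands in for /tmp.

DEMO_TMP=$(mktemp -d) || exit 1          # stands in for world-writable /tmp
trap 'rm -rf "$DEMO_TMP"' EXIT
VICTIM_FILE="$DEMO_TMP/victim"           # file the attacker wants clobbered

# Vulnerable pattern (same shape as the /tmp/cb#####.? names in the CVE text):
# a fixed prefix plus the PID, created with plain '>' redirection. open(2) follows
# whatever already sits at that path, so a symlink planted by another local user
# redirects the write to a file of their choosing.
vuln_write_tmp() {
    tmp="$DEMO_TMP/cb$$.a"
    echo "alias ll='ls -l'" > "$tmp"
    echo "$tmp"
}

# Hardened pattern: mktemp picks an unpredictable name and creates the file with
# O_CREAT|O_EXCL and mode 0600, so a pre-planted symlink is never opened and no
# other user can read the file. The caller removes it when done.
safe_write_tmp() {
    tmp=$(mktemp "$DEMO_TMP/cb.XXXXXX") || return 1
    echo "alias ll='ls -l'" > "$tmp"
    echo "$tmp"
}

reset_victim() {
    printf 'precious data\n' > "$VICTIM_FILE"
}

# Prints "intact" if the victim file still holds its original contents.
victim_state() {
    if [ "$(cat "$VICTIM_FILE")" = "precious data" ]; then
        echo intact
    else
        echo overwritten
    fi
}

# Scenario 1: the attacker guesses the PID (trivial via ps, or by planting links
# for a whole range of PIDs) and plants a symlink before the vulnerable script runs.
demo_vulnerable() {
    reset_victim
    ln -sf "$VICTIM_FILE" "$DEMO_TMP/cb$$.a"
    vuln_write_tmp >/dev/null
    victim_state
}

# Scenario 2: the same attacker against the mktemp version. The best they can do
# is plant a symlink at some cb.* name; mktemp will not reuse an existing path.
demo_hardened() {
    reset_victim
    ln -sf "$VICTIM_FILE" "$DEMO_TMP/cb.AAAAAA"
    tmp=$(safe_write_tmp) || return 1
    rm -f "$tmp"
    victim_state
}

echo "vulnerable script, symlink planted: $(demo_vulnerable)"
echo "mktemp-based script, symlink planted: $(demo_hardened)"
```

Run as an ordinary user; no root is needed because the scratch directory is private. The first line reports the victim file overwritten, the second reports it intact. In real scripts, pair the mktemp call with a `trap ... EXIT` that removes the file, and in bash the noclobber option (`set -C`) adds a second layer: `>` then refuses an existing target instead of truncating through it.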




Information forwarded to debian-bugs-dist@lists.debian.org, Matthias Klose <doko@debian.org>:
Bug#509279; Package bash-doc. (Tue, 23 Dec 2008 15:06:03 GMT)


Acknowledgement sent to José Luis González <jlgonzal@ya.com>:
Extra info received and forwarded to list. Copy sent to Matthias Klose <doko@debian.org>. (Tue, 23 Dec 2008 15:06:03 GMT)


Message #10 received at 509279@bugs.debian.org:

From: José Luis González <jlgonzal@ya.com>
To: control@bugs.debian.org
Cc: 509279@bugs.debian.org
Subject: security hole
Date: Tue, 23 Dec 2008 16:04:37 +0100
severity 509279 critical
thanks

This makes unrelated software on the system (or the whole system)
break, or causes serious data loss, or introduces a security
hole on systems where you install the package. I am raising severity to
critical accordingly.




Severity set to `critical' from `normal' Request was from José Luis González <jlgonzal@ya.com> to control@bugs.debian.org. (Tue, 23 Dec 2008 15:06:04 GMT)


Information forwarded to debian-bugs-dist@lists.debian.org, Matthias Klose <doko@debian.org>:
Bug#509279; Package bash-doc. (Tue, 23 Dec 2008 17:45:06 GMT)


Acknowledgement sent to dann frazier <dannf@debian.org>:
Extra info received and forwarded to list. Copy sent to Matthias Klose <doko@debian.org>. (Tue, 23 Dec 2008 17:45:06 GMT)


Message #17 received at 509279@bugs.debian.org:

From: dann frazier <dannf@debian.org>
To: 509279@bugs.debian.org, control@bugs.debian.org
Subject: patch
Date: Tue, 23 Dec 2008 10:41:38 -0700
tag 509279 + patch
thanks

[CVE-2008-5374.patch (text/plain, attachment)]

Tags added: patch Request was from dann frazier <dannf@debian.org> to control@bugs.debian.org. (Tue, 23 Dec 2008 17:45:07 GMT)


Information forwarded to debian-bugs-dist@lists.debian.org, Matthias Klose <doko@debian.org>:
Bug#509279; Package bash-doc. (Tue, 23 Dec 2008 21:03:05 GMT)


Acknowledgement sent to Thijs Kinkhorst <thijs@debian.org>:
Extra info received and forwarded to list. Copy sent to Matthias Klose <doko@debian.org>. (Tue, 23 Dec 2008 21:03:05 GMT)


Message #24 received at 509279@bugs.debian.org:

From: Thijs Kinkhorst <thijs@debian.org>
To: 509279@bugs.debian.org
Cc: control@bugs.debian.org, José Luis González <jlgonzal@ya.com>
Subject: Re: security hole
Date: Tue, 23 Dec 2008 21:56:42 +0100
severity 509279 important
thanks

The security team believes that bugs like these in example scripts are not 
critical bugs. Nevertheless, fixing them is of course very much encouraged, 
so I hope Matthias will apply Dann's patch as soon as possible.


cheers,
Thijs

Severity set to `important' from `critical' Request was from Thijs Kinkhorst <thijs@debian.org> to control@bugs.debian.org. (Tue, 23 Dec 2008 21:03:07 GMT)


Reply sent to Matthias Klose <doko@debian.org>:
You have taken responsibility. (Sat, 21 Mar 2009 15:45:12 GMT)


Notification sent to Steffen Joeris <steffen.joeris@skolelinux.de>:
Bug acknowledged by developer. (Sat, 21 Mar 2009 15:45:12 GMT)


Message #31 received at 509279-close@bugs.debian.org:

From: Matthias Klose <doko@debian.org>
To: 509279-close@bugs.debian.org
Subject: Bug#509279: fixed in bash 4.0-2
Date: Sat, 21 Mar 2009 15:17:11 +0000
Source: bash
Source-Version: 4.0-2

We believe that the bug you reported is fixed in the latest version of
bash, which is due to be installed in the Debian FTP archive:

bash-builtins_4.0-2_i386.deb
  to pool/main/b/bash/bash-builtins_4.0-2_i386.deb
bash-doc_4.0-2_all.deb
  to pool/main/b/bash/bash-doc_4.0-2_all.deb
bash-minimal_4.0-2_i386.deb
  to pool/main/b/bash/bash-minimal_4.0-2_i386.deb
bash-static_4.0-2_i386.deb
  to pool/main/b/bash/bash-static_4.0-2_i386.deb
bash_4.0-2.diff.gz
  to pool/main/b/bash/bash_4.0-2.diff.gz
bash_4.0-2.dsc
  to pool/main/b/bash/bash_4.0-2.dsc
bash_4.0-2_i386.deb
  to pool/main/b/bash/bash_4.0-2_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 509279@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Matthias Klose <doko@debian.org> (supplier of updated bash package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sat, 21 Mar 2009 15:06:46 +0100
Source: bash
Binary: bash bash-minimal bash-static bash-builtins bash-doc bashdb
Architecture: source all i386
Version: 4.0-2
Distribution: experimental
Urgency: low
Maintainer: Matthias Klose <doko@debian.org>
Changed-By: Matthias Klose <doko@debian.org>
Description: 
 bash       - The GNU Bourne Again SHell
 bash-builtins - Bash loadable builtins - headers & examples
 bash-doc   - Documentation and examples for the The GNU Bourne Again SHell
 bash-minimal - The GNU Bourne Again SHell (minimal version)
 bash-static - The GNU Bourne Again SHell (static version)
 bashdb     - The GNU Bourne Again SHell Debugger
Closes: 498474 509279 518289
Changes: 
 bash (4.0-2) experimental; urgency=low
 .
   * Apply upstream patches 001 - 010. Closes: #518289.
   * Fix insecure temp file handling in examples scripts. Closes: #509279.
   * /etc/skel.bashrc: Only source bash_completion, if posix mode is turned
     off. Closes: #498474.
Checksums-Sha1: 
 12120d592076c4c5a2a008c31bd5cb2bbdf02254 1119 bash_4.0-2.dsc
 a8d90adb3608b529c529019564eb1dee5e2c1c2a 86440 bash_4.0-2.diff.gz
 e2e9ead7beab826a8fcfcb2bd11d65364f9d8239 311860 bash-doc_4.0-2_all.deb
 01c3b0d7cd1cf9e7038b8c0698bbf0cb9830b18d 1098472 bash_4.0-2_i386.deb
 d622e7528aa2ef5c3b377f4d9408d6edbc6c0c9c 107020 bash-builtins_4.0-2_i386.deb
 78f5198475b7672dc2f32c6216126c03cf92d5d2 755032 bash-static_4.0-2_i386.deb
 5d8465ce64dfac3cb29204df1663931fe5eae98e 224112 bash-minimal_4.0-2_i386.deb
Checksums-Sha256: 
 e7be84c771686a3aeee36aa3424d99d86a72b68e25a9a8844503b5ea406e57c8 1119 bash_4.0-2.dsc
 629d8812b12b08f004e1513a16ac014344bb77e80a6fb3e23624dadd490fe4b3 86440 bash_4.0-2.diff.gz
 7935c790bee2871d58154502ead022f256adadc76676c5ed479b26d488b24de4 311860 bash-doc_4.0-2_all.deb
 c49ab504da2c5ccf292778c129996f1b1ae07f74be4c0891093b35ea77a390e7 1098472 bash_4.0-2_i386.deb
 c8f4e3dae9990c75bc3ce7f8b2c697d2a935a1594d020afd60d5efcb63c32f33 107020 bash-builtins_4.0-2_i386.deb
 6c2547cee538cdb47ed4020c5582d30409982298d2c38a1474c956663bb5af14 755032 bash-static_4.0-2_i386.deb
 695d6c34a94e69765e7d848fcba2c3d24c08339563fd07575a90b21daacb03e2 224112 bash-minimal_4.0-2_i386.deb
Files: 
 3fbc13d082a7d400f84475cd87545e8b 1119 base required bash_4.0-2.dsc
 783f75db92758ed62f8dfb02dbc52ef2 86440 base required bash_4.0-2.diff.gz
 ed222fdcc0fb12196bd479e8d2f1a18a 311860 doc optional bash-doc_4.0-2_all.deb
 207f4182695b1077738588e9832bf9e1 1098472 shells required bash_4.0-2_i386.deb
 f5cff8405ff542d4154b98347b829388 107020 utils optional bash-builtins_4.0-2_i386.deb
 cc5cf0b1316dcfce31a769d91f484e82 755032 shells optional bash-static_4.0-2_i386.deb
 e82a85fea6c722415ce615fdf4cee900 224112 shells optional bash-minimal_4.0-2_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAknFAoIACgkQStlRaw+TLJyemgCgogVXZCKx77xE24CkoeUrU+C7
+RYAni0VAGIXLT9nseuy8j2YMEb2kvbG
=w+jk
-----END PGP SIGNATURE-----





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Thu, 03 Sep 2009 07:40:44 GMT)




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 18:38:31 2019; Machine Name: buxtehude
