Gentoo Archives: gentoo-announce

From:	aliz@gentoo.org (Daniel Ahlberg)
To:	gentoo-announce@g.o, bugtraq@×××××××××××××.com, full-disclosure@××××××××××××.com
Subject:	[gentoo-announce] GLSA: mindi (200309-05)
Date:	Tue, 02 Sep 2003 10:36:09
Message-Id:	`20030902103717.3BC609FBB3@noc.internal.fairytale.se`

1	-----BEGIN PGP SIGNED MESSAGE-----
2	Hash: SHA1
3
4	- - - ---------------------------------------------------------------------
5	GENTOO LINUX SECURITY ANNOUNCEMENT 200309-05
6	- - - ---------------------------------------------------------------------
7
8	PACKAGE : mindi
9	SUMMARY : insecure file creations
10	DATE : 2003-09-02 10:37 UTC
11	EXPLOIT : local
12	VERSIONS AFFECTED : <mindi-0.86
13	FIXED VERSION : >=mindi-0.86
14	CVE : CAN-2003-0617
15
16	- - - ---------------------------------------------------------------------
17
18	Mindi creates files in /tmp which could allow local user to overwrite
19	arbitrary files.
20
21	SOLUTION
22
23	It is recommended that all Gentoo Linux users who are running
24	sys-apps/mindi upgrade to mindi-0.86 as follows:
25
26	emerge sync
27	emerge mindi
28	emerge clean
29
30	- - - ---------------------------------------------------------------------
31	aliz@g.o - GnuPG key is available at http://dev.gentoo.org/~aliz
32	- - - ---------------------------------------------------------------------
33	-----BEGIN PGP SIGNATURE-----
34	Version: GnuPG v1.2.3 (GNU/Linux)
35
36	iD8DBQE/VHLdfT7nyhUpoZMRAjnKAJ0ZvugZaxlmYi2iMiBRjg0CGsptYQCgqPtF
37	jKnwQrfogmpyoGXbfjyRsMU=
38	=uUAM
39	-----END PGP SIGNATURE-----