GNU SHTool Insecure Temporary File Deletion Vulnerability

Solution:
Gentoo users can upgrade shtool and ocaml-mysql by issuing the following commands:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-util/shtool-2.0.1-r2"

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-ml/ocaml-mysql-1.0.3-r1"

OpenPKG has released advisory OpenPKG-SA-2005.011 addressing this issue. Please see the referenced advisory for further information.

Red Hat has released advisory RHSA-2005:564-15 to address this issue. Please see the referenced advisory for more information.

PHP has released version 4.4.0 to address this, and other issues.

Trustix has released advisory TSLSA-2005-0036, along with fixes to address various issues. Please see the referenced advisory for further information.

SGI has released advisory 20050703-01-U to address various issues affecting SGI ProPack 3 Service Pack 6. Please see the referenced advisory for more information.

Fedora Legacy advisory FLSA:163559 is available to address various issues affecting Fedora Core 1 and Core 2. Please see the referenced advisory for more information.

Ubuntu Linux has released security advisory USN-171-1 addressing this and other issues. Please see the referenced advisory for details on obtaining and applying the appropriate updates.

Debian has released advisory DSA 789-1 to address various issues. Please see the referenced advisory for more information.

PHP version 5.1.0 has been released. This version includes fixes for this issue.

Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com <mailto:vuldb@securityfocus.com>.


GNU shTool 2.0.1

PHP PHP 4.0 0

PHP PHP 4.0.1

PHP PHP 4.0.1 pl1

PHP PHP 4.0.1 pl2

PHP PHP 4.0.2

PHP PHP 4.0.3 pl1

PHP PHP 4.0.3

PHP PHP 4.0.4

PHP PHP 4.0.5

PHP PHP 4.0.6

PHP PHP 4.0.7

PHP PHP 4.0.7 RC1

PHP PHP 4.0.7 RC3

PHP PHP 4.0.7 RC2

PHP PHP 4.1 .0

PHP PHP 4.1.1

PHP PHP 4.1.2

PHP PHP 4.2 -dev

PHP PHP 4.2 .0

PHP PHP 4.2.1

PHP PHP 4.2.2

PHP PHP 4.2.3

PHP PHP 4.3

PHP PHP 4.3.1

PHP PHP 4.3.10

PHP PHP 4.3.11

PHP PHP 4.3.2

PHP PHP 4.3.3

PHP PHP 4.3.4

PHP PHP 4.3.5

PHP PHP 4.3.6

PHP PHP 4.3.7

PHP PHP 4.3.8

PHP PHP 4.3.9

PHP PHP 5.0 .0

PHP PHP 5.0 candidate 2

PHP PHP 5.0 candidate 3

PHP PHP 5.0 candidate 1

PHP PHP 5.0.1

PHP PHP 5.0.2

PHP PHP 5.0.3

PHP PHP 5.0.4

PHP PHP 5.0.5


 

Privacy Statement
Copyright 2010, SecurityFocus