Dan Mueth ScrollKeeper Tempfile Symbolic Link Vulnerability Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com <mailto:vuldb@securityfocus.com>.
Debian has released fixes for this issue. Links to the fixes can be found in Debian advisory DSA 160-1 in the references section.
Gentoo Linux users are advised to update systems using the following steps:
emerge rsync
emerge scrollkeeper
emerge clean
Red Hat has released an update that prevents ScrollKeeper from following symbolic links:
Dan Mueth ScrollKeeper 0.3
Dan Mueth ScrollKeeper 0.3.1
Dan Mueth ScrollKeeper 0.3.11
Dan Mueth ScrollKeeper 0.3.4
Dan Mueth ScrollKeeper 0.3.5
Dan Mueth ScrollKeeper 0.3.6
