Dan Mueth ScrollKeeper Tempfile Symbolic Link Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com <mailto:vuldb@securityfocus.com>.

Debian has released fixes for this issue. Links to the fixes can be found in Debian advisory DSA 160-1 in the references section.

Gentoo Linux users are advised to update systems using the following steps:
emerge rsync
emerge scrollkeeper
emerge clean

Red Hat has released an update that prevents ScrollKeeper from following symbolic links:


Dan Mueth ScrollKeeper 0.3

Dan Mueth ScrollKeeper 0.3.1

Dan Mueth ScrollKeeper 0.3.11

Dan Mueth ScrollKeeper 0.3.4

Dan Mueth ScrollKeeper 0.3.5

Dan Mueth ScrollKeeper 0.3.6


 

Privacy Statement
Copyright 2010, SecurityFocus