Debian Security Advisory

DSA-622-1 htmlheadline -- insecure temporary files

Date Reported:

03 Jan 2005

Affected Packages:

htmlheadline

Vulnerable:

Yes

Security database references:

In Mitre's CVE dictionary: CVE-2004-1181.

More information:

Javier Fernández-Sanguino Peña from the Debian Security Audit Project has discovered multiple insecure uses of temporary files that could lead to overwriting arbitrary files via a symlink attack.

For the stable distribution (woody) these problems have been fixed in version 21.8-3.

The unstable distribution (sid) does not contain this package.

We recommend that you upgrade your htmlheadline package.

Fixed in:

Debian GNU/Linux 3.0 (woody)

Source:: http://security.debian.org/pool/updates/main/h/htmlheadline/htmlheadline_21.8-3.dsc; http://security.debian.org/pool/updates/main/h/htmlheadline/htmlheadline_21.8-3.diff.gz; http://security.debian.org/pool/updates/main/h/htmlheadline/htmlheadline_21.8.orig.tar.gz
Architecture-independent component:: http://security.debian.org/pool/updates/main/h/htmlheadline/htmlheadline_21.8-3_all.deb

MD5 checksums of the listed files are available in the original advisory.