Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:8386
HistoryApr 20, 2005 - 12:00 a.m.

[SECURITY] [DSA 661-2] New f2c packages fix insecure temporary files

2005-04-2000:00:00
vulners.com
7
JSON

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Debian Security Advisory DSA 661-2 [email protected]
http://www.debian.org/security/ Martin Schulze
April 20th, 2005 http://www.debian.org/security/faq

Package : f2c
Vulnerability : insecure temporary files
Problem-Type : local
Debian-specific: no
CVE ID : CAN-2005-0017

Dan McMahill noticed that our our advisory DSA 661-1 did not correct
the multiple insecure files problem, hence, this update. For
completeness below is the original advisory text:

Javier Fernández-Sanguino Peña from the Debian Security Audit project
discovered that f2c and fc, which are both part of the f2c package, a
fortran 77 to C/C++ translator, open temporary files insecurely and
are hence vulnerable to a symlink attack. The Common
Vulnerabilities and Exposures project identifies the following
vulnerabilities:

CAN-2005-0017

  Multiple insecure temporary files in the f2c translator.

For the stable distribution (woody) and all others including testing
this problem has been fixed in version 20010821-3.2.

We recommend that you upgrade your f2c package.

Upgrade Instructions

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody

Source archives:

http://security.debian.org/pool/updates/main/f/f2c/f2c_20010821-3.2.dsc
  Size/MD5 checksum:      519 9b2bb4378799e59604236b0b3ac9d071
http://security.debian.org/pool/updates/main/f/f2c/f2c_20010821-3.2.diff.gz
  Size/MD5 checksum:    28846 2d49723d6a8e1ea4f67737dd031d34c0
http://security.debian.org/pool/updates/main/f/f2c/f2c_20010821.orig.tar.gz
  Size/MD5 checksum:   416017 f2527aed84c8db35c883615c3b9b8511

Alpha architecture:

http://security.debian.org/pool/updates/main/f/f2c/f2c_20010821-3.2_alpha.deb
  Size/MD5 checksum:   524226 0f5c34632212482cf65bb34353e8a22d

ARM architecture:

http://security.debian.org/pool/updates/main/f/f2c/f2c_20010821-3.2_arm.deb
  Size/MD5 checksum:   470606 c6dd76b690a83e375f8c921d2b871b6e

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/f/f2c/f2c_20010821-3.2_i386.deb
  Size/MD5 checksum:   423136 d1d1523248bc0da3216c9361e3674b6c

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/f/f2c/f2c_20010821-3.2_ia64.deb
  Size/MD5 checksum:   678896 8f1fff444a7c3f19d0928b932c170b53

HP Precision architecture:

http://security.debian.org/pool/updates/main/f/f2c/f2c_20010821-3.2_hppa.deb
  Size/MD5 checksum:   493478 add18234ac7c933ab0200fb31a085048

Motorola 680x0 architecture:

http://security.debian.org/pool/updates/main/f/f2c/f2c_20010821-3.2_m68k.deb
  Size/MD5 checksum:   407490 4767c71a54b67e19d6039afa3e272f7b

Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/f/f2c/f2c_20010821-3.2_mips.deb
  Size/MD5 checksum:   482944 8efcba5fae72fac7afdaa21985a24201

Little endian MIPS architecture:

http://security.debian.org/pool/updates/main/f/f2c/f2c_20010821-3.2_mipsel.deb
  Size/MD5 checksum:   481100 0f45588cacac79ee241319f4a83fcb42

PowerPC architecture:

http://security.debian.org/pool/updates/main/f/f2c/f2c_20010821-3.2_powerpc.deb
  Size/MD5 checksum:   455566 1b8f4f055268a71e99bd39ecc952cbef

IBM S/390 architecture:

http://security.debian.org/pool/updates/main/f/f2c/f2c_20010821-3.2_s390.deb
  Size/MD5 checksum:   446284 333d26b19a55a4b564ba927cd5e689db

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/f/f2c/f2c_20010821-3.2_sparc.deb
  Size/MD5 checksum:   467270 743a0e4974deed21925aba2900942338

These files will probably be moved into the stable distribution on
its next update.

For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: [email protected]
Package info: `apt-cache show <pkg>' and http://packages.debian.org/&lt;pkg&gt;

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)

iD8DBQFCZjAfW5ql+IAeqTIRAqCwAJ9235WRzXJd7myXH+0ksfXW+CbNbACgjoqN
QWvQq7K+JILosu6IExyF9+c=
=SLUk
-----END PGP SIGNATURE-----

Related

gentoo 1
openvas 8
nessus 3
cve 1
freebsd 1
debian 4
ubuntucve 1
debiancve 1
osv 1
gentoo
gentoo
f2c: Insecure temporary file creation
2005-01-30 00:00:00
openvas
openvas
Gentoo Security Advisory GLSA 200501-43 (f2c)
2008-09-24 00:00:00
Gentoo Security Advisory GLSA 200501-43 (f2c)
2008-09-24 00:00:00
Debian Security Advisory DSA 661-2 (f2c)
2008-01-17 00:00:00
nessus
nessus
GLSA-200501-43 : f2c: Insecure temporary file creation
2005-02-14 00:00:00
FreeBSD : f2c -- insecure temporary files (43cb40b3-c8c2-11da-a672-000e0c2e438a)
2006-08-21 00:00:00
Debian DSA-661-2 : f2c - insecure temporary files
2005-01-27 00:00:00
cve
cve
CVE-2005-0017
2005-05-02 04:00:00
freebsd
freebsd
f2c -- insecure temporary files
2005-01-27 00:00:00
debian
debian
[SECURITY] [DSA 661-2] New f2c packages fix insecure temporary files
2005-04-20 10:34:07
[SECURITY] [DSA 661-2] New f2c packages fix insecure temporary files
2005-04-20 10:34:07
[SECURITY] [DSA 661-1] New f2c packages fix insecure temporary files
2005-01-27 13:43:12
ubuntucve
ubuntucve
CVE-2005-0017
2005-05-02 00:00:00
debiancve
debiancve
CVE-2005-0017
2005-05-02 04:00:00
osv
osv
f2c - insecure temporary files
2005-04-20 00:00:00
JSON
Related for SECURITYVULNS:DOC:8386
gentoo1openvas8nessus3cve1freebsd1debian4ubuntucve1debiancve1osv1