Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:15239
HistoryNov 28, 2006 - 12:00 a.m.

[ GLSA 200611-21 ] Kile: Incorrect backup file permission

2006-11-2800:00:00
vulners.com
7

Gentoo Linux Security Advisory GLSA 200611-21


                                        http://security.gentoo.org/

Severity: Low
Title: Kile: Incorrect backup file permission
Date: November 27, 2006
Bugs: #155613
ID: 200611-21


Synopsis

Kile uses default permissions for backup files, potentially leading to
information disclosure.

Background

Kile is a TeX/LaTeX editor for KDE.

Affected packages

-------------------------------------------------------------------
 Package           /  Vulnerable  /                     Unaffected
-------------------------------------------------------------------

1 app-editors/kile < 1.9.2-r1 >= 1.9.2-r1

Description

Kile fails to set the same permissions on backup files as on the
original file. This is similar to CVE-2005-1920.

Impact

A kile user may inadvertently grant access to sensitive information.

Workaround

There is no known workaround at this time.

Resolution

All Kile users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose &quot;&gt;=app-editors/kile-1.9.2-r1&quot;

References

[ 1 ] CVE-2005-1920
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1920

Availability

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200611-21.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
[email protected] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License

Copyright 2006 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

Related for SECURITYVULNS:DOC:15239