-----BEGIN PGP SIGNED MESSAGE-----

The maintainer of Debian GNU/Linux cfengine package found a error
in the way cfengine handles temporary files when it runs the tidy
action on homedirectories, which makes it suspectible to a symlink
attack. The author has been notified of the problem but has not
released a fix yet.

We recommend you upgrade your cfengine package immediately.

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

Debian GNU/Linux 2.0 alias hamm
- -------------------------------

  This version of Debian was released only for the Intel and the
  Motorola 680x0 architecture.

  Source archives:
    _1.4.9.orig.tar.gz
	  MD5 checksum: 9c952524f2ce0a3dae6728f63d28a3ce
    .4.9-3.diff.gz
      MD5 checksum: 9de13ab36791319a846f5d50248b8ed5
    -3.dsc
      MD5 checksum: 6d5f1d2c10ec0a0eeef07dd73244bb44

  Intel architecture:
          MD5 checksum: c935781e39141fdcc5b3e3e7a1b5ac7b

  Motorola 680x0 architecture:
          MD5 checksum: 8628802255c66796f8acd3fe1844bb0b


For not yet released architectures please refer to the appropriate
directory  .

- -- 
Debian GNU/Linux      .    Security Managers     .   security@debian.org
              debian-security-announce@lists.debian.org
  Christian Hudon     .     Wichert Akkerman     .     Martin Schulze
   .     .   


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv

iQB1AwUBNsi3eKjZR/ntlUftAQGr9gL/UW53toFW/wGR2XidybaqwVVUWAWOo/dd
U3w5QTSkRXIdrLQBnxtYDWvY7L9Re1nQDrVBekyTqlBb3smhgIP3kpjWC+U/wbhy
/3l3B8ifja39Wwktg4OhCEwfTM7D+SId
=Lfxs
-----END PGP SIGNATURE-----

New versions of cfengine fixes symlink attack

December 13, 1999
The maintainer of Debian GNU/Linux cfengine package found a error in the way cfengine handles temporary files when it runs the tidy action on homedirectories, which makes it suspec...

Summary

The maintainer of Debian GNU/Linux cfengine package found a error
in the way cfengine handles temporary files when it runs the tidy
action on homedirectories, which makes it suspectible to a symlink
attack. The author has been notified of the problem but has not
released a fix yet.

We recommend you upgrade your cfengine package immediately.

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

Debian GNU/Linux 2.0 alias hamm

This version of Debian was released only for the Intel and the
Motorola 680x0 architecture.

Source archives:
_1.4.9.orig.tar.gz
MD5 checksum: 9c952524f2ce0a3dae6728f63d28a3ce
.4.9-3.diff.gz
MD5 checksum: 9de13ab36791319a846f5d50248b8ed5
-3.dsc
MD5 checksum: 6d5f1d2c10ec0a0eeef07dd73244bb44

Intel architecture:
MD5 checksum: c935781e39141fdcc5b3e3e7a1b5ac7b

Motorola 680x0 architecture:
MD5 checksum: 8628802255c66796f8acd3fe1844bb0b


For not yet released architectures please refer to ...

Read the Full Advisory

Severity

Related News

The End of the Road for Linux 6.11: A Call to Upgrade to Kernel 6.12
3 - 5 min read
The Linux kernel community recently issued an EOL announcement regarding the 6.11 kernel series, urging sysadmins to upgrade quickly to 6.12 . This
A Linux Admin
3 - 6 min read
As 2025 approaches, we Linux admins are facing new and often unseen cloud-native security obstacles. While skilled at mitigating known risks,
Leveraging Insights from the Linux Foundation
3 - 5 min read
The Linux Foundation's recent Census III report provides critical insights for Linux administrators, information security professionals, and anyone
Chrome 131 Released: Emergency Security Update Fixes Over a Dozen Significant Vulns
3 - 6 min read
Google recently unveiled a critical security update to their popular web browser, Google Chrome, addressing over a dozen significant security
From Wayland Fixes to Security Boosts: Examining Qt 6.8.1
3 - 6 min read
The recent Qt 6.8.1 release brings significant updates and improvements, strengthening its reputation as a secure and reliable application
Exploring Arch Linux 2024.12.01: Security Implications & Notable Enhancements for Linux Admins
3 - 6 min read
The Arch Linux 2024.12.01 ISO release marks an impressive milestone, offering cutting-edge updates that enhance functionality, streamline
Deck the Halls with Enhanced Security: Linux Kernel 6.13
3 - 5 min read
As Linux admins and infosec professionals prepare for the holiday season, there's much cause for celebration this year! Linus Torvalds recently made
Lessons from Bootkitty: Securing Linux Systems Against UEFI Intrusions
3 - 5 min read
New Linux security threats mark critical junctures that challenge existing policies and test security protocols to their limit. One such milestone

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved