USN-49-1: debmake vulnerability
23 December 2004
debmake vulnerability
Releases
Details
Javier Fernández-Sanguino Peña noticed that the debstd script from
debmake, a deprecated helper package for Debian packaging, created
temporary directories in an insecure manner. This could allow a
symlink attack to create or overwrite arbitrary files with the
privileges of the user invoking the program.
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 4.10
-
debmake
-
In general, a standard system update will make all the necessary changes.