Fedora Legacy Test Update Notification: libtool
Michael Schwendt
ms-nospam-0306 at arcor.de
Fri Mar 5 11:19:45 UTC 2004
On Thu, 4 Mar 2004 20:51:37 -0800, Jesse Keating wrote:
> - ---------------------------------------------------------------------
> Update Information:
>
> Symlink Vuln in Libtool:
> The chmod has a race (that access to the temporary directory could be
> gained after it is created but before it is chmoded)
> - ---------------------------------------------------------------------
As I've pointed out in the bug ticket, Red Hat Linux with default
configuration is not vulnerable as it includes a modified libtool which
uses mktemp to create the temporary file. It is only vulnerable, when
mktemp is erased, breaking libtool's dependency on it.
--
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/fedora-legacy-list/attachments/20040305/b762aa44/attachment.sig>
More information about the fedora-legacy-list
mailing list