CVE-2008-5138 pam_mount insecure tempfile creation - to update or not?

Till Maas opensource at till.name
Fri Nov 21 21:51:32 UTC 2008


Hiyas,

there was a bug report opened because of a possible vulnerability in 
pam_mount, which I would not really consider one, because it cannot be 
triggered under normal circumstances because the script would fail before an 
insecure tempfile is used. More details are available here:

https://bugzilla.redhat.com/show_bug.cgi?id=472109#c2

The question is now, whether I should update the package without the affected 
script to make everyone aware of this or just keep it as is.

Regards,
Till


More information about the Fedora-security-list mailing list