CVE-2012-3500

Published: 3 September 2012

scripts/annotate-output.sh in devscripts before 2.12.2, as used in rpmdevtools before 8.3, allows local users to modify arbitrary files via a symlink attack on the temporary (1) standard output or (2) standard error output file.
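A hardened pattern for the kind of temporary stdout/stderr handling the description refers to, as an added example. It is not the devscripts code or its upstream patch, and the function names `private_workdir` and `annotate` are hypothetical.

```shell
#!/bin/sh
# Added example (not from devscripts): tag a command's stdout and stderr lines
# without ever opening a path that another local user could have planted.

private_workdir() {
    # mktemp -d creates a fresh mode-0700 directory atomically. It fails
    # instead of following or reusing an existing name (symlink or not)
    # in a shared, world-writable temporary directory.
    mktemp -d "${TMPDIR:-/tmp}/annotate.XXXXXX"
}

annotate() {
    workdir=$(private_workdir) || return 1

    # The FIFOs live inside the private directory, so no other unprivileged
    # user can pre-create or replace them with a symlink.
    if ! mkfifo -m 600 "$workdir/out" "$workdir/err"; then
        rm -rf "$workdir"
        return 1
    fi

    # One reader per stream; each blocks until the command opens its FIFO.
    sed 's/^/O: /' <"$workdir/out" &
    pid_out=$!
    sed 's/^/E: /' <"$workdir/err" >&2 &
    pid_err=$!

    # Run the wrapped command and keep its exit status (safe under set -e).
    status=0
    "$@" >"$workdir/out" 2>"$workdir/err" || status=$?

    # Let both readers drain before removing the directory.
    wait "$pid_out" "$pid_err"
    rm -rf "$workdir"
    return "$status"
}
```

Calling `annotate make -j1` prints the command's stdout lines prefixed with `O: ` and its stderr lines prefixed with `E: `, and returns the command's exit status.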

Notes

Author: tyhicks
Note: If TMPDIR is not changed, mitigated by yama in Natty and newer

Priority

Low

Status

Package: devscripts (Launchpad, Ubuntu, Debian)

Release    Status
hardy      Ignored (end of life)
lucid      Released (2.10.61ubuntu5.3)
natty      Released (2.10.69ubuntu2.2)
oneiric    Released (2.11.1ubuntu3.2)
precise    Released (2.11.6ubuntu1.4)
upstream   Released (2.12.2)

Patches:
upstream: https://bugzilla.redhat.com/attachment.cgi?id=604260&action=diff
vendor: http://anonscm.debian.org/gitweb/?p=devscripts/devscripts.git;a=commit;h=1bbe2163987c53064a4cd57712927f4b06c01032
vendor: http://anonscm.debian.org/gitweb/?p=devscripts/devscripts.git;a=commit;h=4d23a5e6c90f7a37b0972b30f5d31dce97a93eb0