CVE-2008-5138 pam_mount insecure tempfile creation - to update or not?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hiyas,

there was a bug report opened because of an possible vulnerability in 
pam_mount, which I would not really consider one. Because it cannot be 
triggered under normal circumstances because the script would fail before an 
insecure tempfile is used. More details are available here:

https://bugzilla.redhat.com/show_bug.cgi?id=472109#c2

The question is now, whether I should update the package without the affected 
script to make everyone aware of this or just keep it as is.

Regards,
Till

Attachment: signature.asc
Description: This is a digitally signed message part.

--
Fedora-security-list mailing list
Fedora-security-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-security-list

[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Coolkey]

  Powered by Linux