Package: libreadline6
Version: 6.2+dfsg-0.1
Severity: important
Tags: security

Dear Maintainer,

I noticed that GNU Readline version 6.x makes insecure use of files when outputting debugging information via the _rl_trace function.

The details were reported here:

  http://www.openwall.com/lists/oss-security/2014/03/14/5

There is a classic race-condition present here, which allows files to be overwritten.

This was allocated the identifier: CVE-2014-2524

Steve
-- 
http://steve.org.uk/

-- System Information:
Debian Release: 7.4
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.12-0.bpo.1-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF8, LC_CTYPE=en_US.UTF8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF8)
Shell: /bin/sh linked to /bin/dash

Versions of packages libreadline6 depends on:
ii  libc6              2.13-38+deb7u1
ii  libtinfo5          5.9-10
ii  multiarch-support  2.13-38+deb7u1
ii  readline-common    6.2+dfsg-0.1

libreadline6 recommends no packages.

libreadline6 suggests no packages.

-- no debconf information
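Editor's added example (not readline's code, and not part of the report above): the class of defect the report describes is a debug/trace file created under a predictable name in a shared directory with the equivalent of fopen(path, "w"), which follows whatever already sits at that path. The block below contrasts that naive open with a hardened open (O_CREAT|O_EXCL|O_NOFOLLOW, mode 0600) and with mkstemp(), and includes a self-check that builds a private directory under /tmp, places a symlink at the predictable name, and confirms that only the hardened variant refuses it. The directory, file names and contents are constructed for the demonstration; the "rltrace.<pid>" naming is an assumption used for illustration, not a claim about readline's actual path.

```c
#define _GNU_SOURCE
/* Added example (not readline's own code): naive vs. hardened trace-file open. */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Naive pattern: equivalent of fopen(path, "w") on a predictable name in a
 * shared directory. Without O_EXCL/O_NOFOLLOW the kernel resolves a symlink
 * left at that path and O_TRUNC empties its target (CWE-59 / CWE-367). */
int trace_open_naive(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0666);
}

/* Hardened pattern: O_EXCL fails if anything already exists at the path
 * (a symlink included), O_NOFOLLOW rejects a symlink as the final component,
 * and mode 0600 keeps other users away from the trace output. */
int trace_open_hardened(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW | O_CLOEXEC, 0600);
}

/* Preferred when the exact name does not matter: mkstemp() picks an
 * unpredictable name and creates it with O_CREAT|O_EXCL atomically. */
int trace_open_mkstemp(const char *dir, char *out_path, size_t out_len)
{
    if (snprintf(out_path, out_len, "%s/rltrace.XXXXXX", dir) >= (int)out_len)
        return -1;
    return mkstemp(out_path);
}

struct demo_result {
    int naive_truncated;   /* 1 if the naive open emptied the symlink target */
    int hardened_fd;       /* -1 expected: the hardened open must refuse */
    int hardened_errno;    /* EEXIST expected */
};

/* Self-check: a private directory (constructed) holds a symlink at the
 * predictable trace-file name pointing at an unrelated file with content.
 * Returns 0 on success, -1 if the fixture could not be built. */
int run_demo(struct demo_result *r)
{
    char dir[] = "/tmp/rltrace-demo.XXXXXX";
    char victim[4096], link[4096];
    struct stat st;

    if (!mkdtemp(dir))
        return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(link, sizeof link, "%s/rltrace.%ld", dir, (long)getpid());

    int vfd = open(victim, O_WRONLY | O_CREAT, 0600);
    if (vfd < 0 || write(vfd, "important\n", 10) != 10)
        return -1;
    close(vfd);
    if (symlink(victim, link) != 0)
        return -1;

    /* Naive open follows the link and truncates the target. */
    int nfd = trace_open_naive(link);
    if (nfd >= 0)
        close(nfd);
    r->naive_truncated = (stat(victim, &st) == 0 && st.st_size == 0);

    /* Hardened open refuses because something already exists at the path. */
    errno = 0;
    r->hardened_fd = trace_open_hardened(link);
    r->hardened_errno = errno;
    if (r->hardened_fd >= 0)
        close(r->hardened_fd);

    unlink(link);
    unlink(victim);
    rmdir(dir);
    return 0;
}

int main(void)
{
    struct demo_result r;
    if (run_demo(&r) != 0) {
        perror("demo fixture");
        return 1;
    }
    printf("naive open truncated target: %s\n", r.naive_truncated ? "yes" : "no");
    printf("hardened open: fd=%d (%s)\n", r.hardened_fd, strerror(r.hardened_errno));
    return 0;
}
```

For a debugging aid that must be enabled by an environment variable or build flag, the mkstemp() variant is the simplest fix; if the name has to be predictable for the developer, the O_EXCL|O_NOFOLLOW open at least turns the race into a hard failure instead of an overwrite, and the caller should treat that failure as "tracing disabled" rather than retrying.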

