Package: fftw2 Version: 2.1.3-16.2 Severity: grave Tags: security Hello James,
Some libraries in fftw2 and sfftw2 include a rpath pointing to a valid homedir. This potentially allows a user having homedir "/home/devel" to access accounts of other users using fftw2. %chrpath -k -l usr/lib/* usr/lib/libfftw_threads.so.2: RPATH=/home/devel/release/fftw-2.1.3/fftw/.libs usr/lib/libfftw_threads.so.2.0.5: RPATH=/home/devel/release/fftw-2.1.3/fftw/.libs usr/lib/librfftw_mpi.so.2: RPATH=/home/devel/release/fftw-2.1.3/mpi/.libs:/home/devel/release/fftw-2.1.3/fftw/.libs:/home/devel/release/fftw-2.1.3/rfftw/.libs usr/lib/librfftw_mpi.so.2.0.5: RPATH=/home/devel/release/fftw-2.1.3/mpi/.libs:/home/devel/release/fftw-2.1.3/fftw/.libs:/home/devel/release/fftw-2.1.3/rfftw/.libs usr/lib/librfftw.so.2: RPATH=/home/devel/release/fftw-2.1.3/fftw/.libs usr/lib/librfftw.so.2.0.5: RPATH=/home/devel/release/fftw-2.1.3/fftw/.libs usr/lib/librfftw_threads.so.2: RPATH=/home/devel/release/fftw-2.1.3/threads/.libs:/home/devel/release/fftw-2.1.3/fftw/.libs:/home/devel/release/fftw-2.1.3/rfftw/.libs usr/lib/librfftw_threads.so.2.0.5: RPATH=/home/devel/release/fftw-2.1.3/threads/.libs:/home/devel/release/fftw-2.1.3/fftw/.libs:/home/devel/release/fftw-2.1.3/rfftw/.libs Cheers, -- Bill. <[EMAIL PROTECTED]> Imagine a large red swirl here. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
