Your message dated Sat, 19 Apr 2008 12:47:02 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#476588: fixed in aptlinex 0.91-1
has caused the Debian Bug report #476588,
regarding aptlinex: insecure tmp file usage
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)
--
476588: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=476588
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: aptlinex
Severity: normal
Tags: security
Hi,
looking at the code of aptlinex because of #476572 I
stumbled over another security issue:
Insecure temporary file usage in ModMain.module (lines 90-99):

IF User.Name <> "root" THEN
  'EXEC [graphicalSu(), "gambas-apt.gambas", User.Name, Buf] WAIT
  PRINT graphicalSu() & " gambas-apt.gambas " & user.Name & " " & Buf
  SHELL graphicalSu() & " gambas-apt.gambas " & user.Name & " " & Buf WAIT
  IF Exist("/tmp/gambas-apt-exec") THEN sExec = File.Load("/tmp/gambas-apt-exec")
  TRY EXEC [sExec] WAIT
  RETURN
END IF

TRY File.Save("/tmp/gambas-apt.lock", Application.Id)
By adding a symlink /tmp/gambas-apt.lock -> some important file, an attacker could
overwrite any file on the system with the process id of aptlinex, since this process
runs as root.
The code before that looks like it would load gambas code from a file called
/tmp/gambas-apt-exec and then execute it, but I am not sure because I have no real
idea about gambas.
Kind regards
Nico
--
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
--- End Message ---
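The attack described in the report above (a planted symlink at a fixed, world-writable path that a root process then writes to) and the shape of the upstream fix noted in the 0.91-1 changelog (unique temp names instead of /tmp/gambas-apt.lock) can be shown in a few lines. The following is an added example written for this page; it is not aptlinex code and not Gambas. It reproduces the vulnerable open-and-write pattern in Python, beside an O_EXCL|O_NOFOLLOW hardening of the same fixed path and an mkstemp variant standing in for a Temp$()-style unique temp file. All paths and file contents are constructed, and everything happens inside a scratch directory, so it can be run as an unprivileged user.

```python
"""Symlink attack on a fixed-name temp file, beside two hardened alternatives.

Added example, not aptlinex code. Mimics a privileged process writing its PID
to a predictable path like /tmp/gambas-apt.lock. Runs entirely in a scratch
directory; the "victim" file and its contents are constructed for the demo.
"""
import errno
import os
import shutil
import stat
import tempfile

LOCK_NAME = "gambas-apt.lock"  # same basename as in the report, but inside a scratch dir


def write_lock_unsafe(lock_path: str, pid: int) -> None:
    """The vulnerable pattern: open(path, "w") creates-or-truncates and follows
    symlinks, so a link planted by another user redirects the write to its target."""
    with open(lock_path, "w") as f:
        f.write(str(pid))


def write_lock_safe(lock_path: str, pid: int) -> None:
    """Hardened write to the same fixed path.

    O_CREAT|O_EXCL makes open() fail with EEXIST if anything already exists at
    the path, including a symlink, even a dangling one (POSIX guarantees this).
    O_NOFOLLOW is a second line of defence. Mode 0600 keeps other users out."""
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(lock_path, flags, 0o600)
    with os.fdopen(fd, "w") as f:
        f.write(str(pid))


def write_lock_mkstemp(directory: str, pid: int) -> str:
    """What a Temp$()-style API should provide: an unpredictable name created with
    O_EXCL and mode 0600, so there is no path for an attacker to pre-plant."""
    fd, path = tempfile.mkstemp(prefix="gambas-apt-", dir=directory)
    with os.fdopen(fd, "w") as f:
        f.write(str(pid))
    return path


def demo() -> dict:
    """Plays attacker and victim inside a scratch directory; returns what happened."""
    sandbox = tempfile.mkdtemp(prefix="symlink-demo-")
    try:
        victim = os.path.join(sandbox, "important-file")  # stands in for any root-owned file
        with open(victim, "w") as f:
            f.write("original contents\n")

        lock = os.path.join(sandbox, LOCK_NAME)
        os.symlink(victim, lock)  # attacker plants the link before the privileged write
        pid = os.getpid()
        results = {}

        # 1. Hardened open refuses to touch the pre-existing symlink path.
        try:
            write_lock_safe(lock, pid)
            results["safe_refused"] = False
        except OSError as e:
            results["safe_refused"] = e.errno in (errno.EEXIST, errno.ELOOP)
        with open(victim) as f:
            results["victim_intact_after_safe"] = f.read() == "original contents\n"

        # 2. The vulnerable open follows the link and overwrites the victim with the PID.
        write_lock_unsafe(lock, pid)
        with open(victim) as f:
            results["victim_clobbered_by_unsafe"] = f.read() == str(pid)

        # 3. mkstemp yields a fresh regular file, mode 0600, at an unpredictable name.
        tmp = write_lock_mkstemp(sandbox, pid)
        st = os.lstat(tmp)
        results["mkstemp_regular_0600"] = (
            stat.S_ISREG(st.st_mode) and stat.S_IMODE(st.st_mode) == 0o600
        )
        return results
    finally:
        shutil.rmtree(sandbox, ignore_errors=True)


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Note that O_EXCL alone closes the symlink hole but still leaves a fixed, guessable name that another user can squat on to cause a denial of service; the mkstemp variant (or a per-user private directory) removes the shared name altogether, which is why the changelog's move to Temp$() and away from lock files is the more complete fix.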
--- Begin Message ---
Source: aptlinex
Source-Version: 0.91-1
We believe that the bug you reported is fixed in the latest version of
aptlinex, which is due to be installed in the Debian FTP archive:
aptlinex_0.91-1.diff.gz
to pool/main/a/aptlinex/aptlinex_0.91-1.diff.gz
aptlinex_0.91-1.dsc
to pool/main/a/aptlinex/aptlinex_0.91-1.dsc
aptlinex_0.91-1_all.deb
to pool/main/a/aptlinex/aptlinex_0.91-1_all.deb
aptlinex_0.91.orig.tar.gz
to pool/main/a/aptlinex/aptlinex_0.91.orig.tar.gz
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
José L. Redrejo Rodríguez <[EMAIL PROTECTED]> (supplier of updated aptlinex package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Sat, 19 Apr 2008 14:27:58 +0200
Source: aptlinex
Binary: aptlinex
Architecture: source all
Version: 0.91-1
Distribution: unstable
Urgency: high
Maintainer: José L. Redrejo Rodríguez <[EMAIL PROTECTED]>
Changed-By: José L. Redrejo Rodríguez <[EMAIL PROTECTED]>
Description:
aptlinex - Web browser addon to install Debian packages with a click
Closes: 476572 476588 476590
Changes:
aptlinex (0.91-1) unstable; urgency=high
.
* New upstream release to fix several security bugs:
* Check if the package really exists before acting (Closes: #476572)
* Always uses Temp$() when creating temp files (Closes: #476588)
* It does not use lock files anymore
* Now apt:foo uris are also accepted (Closes: #476590)
Checksums-Sha1:
1d194fdbf3f56deddaaaa82f3fb2f1ff3ac92303 1000 aptlinex_0.91-1.dsc
1f18a5e163d471559ad66e2c40f42b429dc11a8b 78048 aptlinex_0.91.orig.tar.gz
cc6ee09ee8f39270080d32042ca40de8f7e39e9b 4126 aptlinex_0.91-1.diff.gz
1525109c15e3a466123039761c44b559c58f2def 17902 aptlinex_0.91-1_all.deb
Checksums-Sha256:
99831c21bdd02431baff6347b1734132ec7fdbee21017834c40404a2e781f215 1000 aptlinex_0.91-1.dsc
eaa0b6f66a97860796737f02a33a05510d61b20a52fba6c466fb684d2348c172 78048 aptlinex_0.91.orig.tar.gz
a73a755806c5d1ee519a403471bd4e3a0cc1734cea0f961d921827324eac71fb 4126 aptlinex_0.91-1.diff.gz
d83678846ce02b22919ecd1ff96415a5c2fc2fd8f9f022219ad3a4d553f8ce2d 17902 aptlinex_0.91-1_all.deb
Files:
66a0643d4ccc7a5298400199566497c3 1000 utils optional aptlinex_0.91-1.dsc
0268d5163b1d29e2840fdd6322958aa5 78048 utils optional aptlinex_0.91.orig.tar.gz
3294ee576f5a8ab3673c2411c3ba9fdb 4126 utils optional aptlinex_0.91-1.diff.gz
9fa3738eb3233e3018c203a97830588b 17902 utils optional aptlinex_0.91-1_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFICedqmqVR2WapDeIRAqpiAJ4wrq4VVVzgQaj6MpEs3gdi8qWkPgCfXZ8U
rSSgBgLQpVceqiF41bvsCcw=
=hWQx
-----END PGP SIGNATURE-----
--- End Message ---