[prev in list] [next in list] [prev in thread] [next in thread]
List: gentoo-desktop
Subject: [gentoo-desktop] [gentoo-announce] GLSA: libmm
From: Seemant Kulleen <seemant () gentoo ! org>
Date: 2002-07-31 8:51:36
[Download RAW message or body]
- -----------------------------------------------------------------------
GLSA: GENTOO LINUX SECURITY ANNOUNCEMENT
- -----------------------------------------------------------------------
PACKAGE : mm - Shared Memory Abstraction library
SUMMARY : security vulnerability in mm temp files.
DATE : Wed Jul 31 08:44:26 UTC 2002
- -----------------------------------------------------------------------
OVERVIEW
There is a temp file vulnerability that can be used to gain root access on
a system running Apache. Versions affected: dev-libs/mm-1.1.3-r1
DETAIL
PHP can be used to give the www-user shell access for systems running
Apache. This temp file vulnerability can be exploited to use that to gain
root access.
This affects dev-libs/mm-1.1.3-r1
http://online.securityfocus.com/advisories/4315
SOLUTION
It is recommended that all Gentoo Linux users who are running apache
linked with mm update their systems as follows. Note, the new version will
be mm-1.2.1
emerge rsync
emerge dev-libs/mm
- ------------------------------------------------------------------------
aliz@gentoo.org
seemant@gentoo.org
drobbins@gentoo.org
- ------------------------------------------------------------------------
--
Seemant Kulleen
Developer and Project Co-ordinator,
Gentoo Linux http://www.gentoo.org/~seemant
_______________________________________________
gentoo-announce mailing list
gentoo-announce@gentoo.org
http://lists.gentoo.org/mailman/listinfo/gentoo-announce
_______________________________________________
gentoo-desktop mailing list
gentoo-desktop@gentoo.org
http://lists.gentoo.org/mailman/listinfo/gentoo-desktop
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic