<?xml version="1.0" encoding="utf-8"?>
<glsa id="200712-01">
<title>Hugin: Insecure temporary file creation</title>
A vulnerability has been discovered in Hugin, potentially allowing for a
Denial of Service.
<product type="ebuild">hugin</product>
<announced>December 05, 2007</announced>
<revised>December 05, 2007: 01</revised>
<package name="media-gfx/hugin" auto="yes" arch="*">
<unaffected range="rge">0.6.1-r1</unaffected>
<unaffected range="ge">0.7_beta4-r1</unaffected>
<vulnerable range="lt">0.7_beta4-r1</vulnerable>
Hugin is a GUI for creating and processing panoramic images.
Suse Linux reported that Hugin creates the
"hugin_debug_optim_results.txt" temporary file in an insecure manner.
<impact type="normal">
A local attacker could exploit this vulnerability with a symlink
attack, potentially overwriting an arbitrary file with the privileges
of the user running the application.
There is no known workaround at this time.
All Hugin users should upgrade to the latest version:
<code>
# emerge --sync
# emerge --ask --oneshot --verbose &quot;&gt;=media-gfx/hugin-0.6.1-r1&quot;</code>
<uri link="">CVE-2007-5200</uri>
<metadata tag="submitter" timestamp="Sat, 17 Nov 2007 23:47:03 +0000">
<metadata tag="bugReady" timestamp="Sat, 17 Nov 2007 23:47:10 +0000">