<?xml version="1.0" encoding="utf-8"?>
<glsa id="200901-14">
<title>Scilab: Insecure temporary file usage</title>
Insecure temporary file usage has been reported in Scilab, allowing
symlink attacks.
<product type="ebuild">scilab</product>
<announced>January 21, 2009</announced>
<revised>January 21, 2009: 01</revised>
<package name="sci-mathematics/scilab" auto="yes" arch="*">
<unaffected range="ge">4.1.2-r1</unaffected>
<vulnerable range="lt">4.1.2-r1</vulnerable>
Scilab is a scientific software package for numerical computations.
Dmitry E. Oboukhov reported insecure temporary file usage in the
scilink, scidoc and scidem scripts.
<impact type="normal">
A local attacker could perform symlink attacks to overwrite arbitrary
files with the privileges of the user running the application.
There is no known workaround at this time.
All Scilab users should upgrade to the latest version:
<code>
# emerge --sync
# emerge --ask --oneshot --verbose &quot;&gt;=sci-mathematics/scilab-4.1.2-r1&quot;</code>
<uri link="">CVE-2008-4983</uri>
<metadata tag="requester" timestamp="Tue, 13 Jan 2009 17:29:36 +0000">
<metadata tag="submitter" timestamp="Tue, 13 Jan 2009 18:21:32 +0000">
<metadata tag="bugReady" timestamp="Tue, 13 Jan 2009 18:21:45 +0000">