blob: 19676e85663996fdd75b54045fb1bca05e1f40f6 [file] [log] [blame]
<?xml version="1.0" encoding="utf-8"?>
<glsa id="200903-35">
<title>Muttprint: Insecure temporary file usage</title>
An insecure temporary file usage in Muttprint allows for symlink attacks.
<product type="ebuild">muttprint</product>
<announced>March 23, 2009</announced>
<revised>March 23, 2009: 01</revised>
<package name="app-misc/muttprint" auto="yes" arch="*">
<unaffected range="ge">0.72d-r1</unaffected>
<vulnerable range="lt">0.72d-r1</vulnerable>
Muttprint formats the output of mail clients to a good-looking printing
using LaTeX.
Dmitry E. Oboukhov reported an insecure usage of the temporary file
"/tmp/muttprint.log" in the muttprint script.
<impact type="normal">
A local attacker could perform symlink attacks to overwrite arbitrary
files with the privileges of the user running the application.
There is no known workaround at this time.
All Muttprint users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose &quot;&gt;=app-misc/muttprint-0.72d-r1&quot;</code>
<uri link="">CVE-2008-5368</uri>
<metadata tag="requester" timestamp="Sun, 22 Mar 2009 20:25:26 +0000">
<metadata tag="submitter" timestamp="Sun, 22 Mar 2009 21:59:17 +0000">
<metadata tag="bugReady" timestamp="Sun, 22 Mar 2009 21:59:46 +0000">