[Frugalware-darcs] homepage-ng: FSA196-xfsprogs-xfsdump

voroskoi voroskoi at frugalware.org
Thu Jun 7 12:48:23 CEST 2007

Darcsweb-Url: http://darcs.frugalware.org/darcsweb/darcsweb.cgi?r=homepage-ng;a=darcs_commitdiff;h=20070607104033-dd049-35d488e06133e831a6ec7670c7a553404b0f5343.gz;

voroskoi <voroskoi at frugalware.org>**20070607104033] {
hunk ./frugalware/xml/security.xml 29
+	<fsa>
+		<id>196</id>
+		<date>2007-06-07</date>
+		<author>voroskoi</author>
+		<package>xfsprogs-xfsdump</package>
+		<vulnerable>2.2.38_1-2</vulnerable>
+		<unaffected>2.2.45_1-1terminus1</unaffected>
+		<bts>http://bugs.frugalware.org/task/2122</bts>
+		<cve>http://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCVE-2007-2654</cve>
+		<desc>Paul Martin has reported a security issue in xfsdump, which can be=
 exploited by malicious, local users to disclose potentially sensitive info=
rmation or manipulate data. The security issue is caused due to xfs_fsr cre=
ating a temporary directory with insecure permissions within the function "=
tmp_init()" in fsr/xfs_fsr.c. This can be exploited to read or overwrite fi=
les created in this directory or subdirectories, potentially allowing for t=
he disclosure of sensitive information or data manipulation.</desc>
+	</fsa>

More information about the Frugalware-darcs mailing list