rpms/am-utils
3
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

- fix #435420 - CVE-2008-1078 am-utils: insecure usage of temporary files

Browse Source
This commit is contained in:
kzak 2008-05-29 10:52:22 +00:00
parent c0e4ddff98
commit ff776e743d
2 changed files with 34 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
am-utils-6.1.5-expn-temp.patch Normal file
View File

@ -0,0 +1,26 @@
CVE-2008-1078 am-utils: insecure usage of temporary files
Addresses-Red-Hat-Bugzilla: #435420
Signed-off-by: Karel Zak <kzak@redhat.com>
diff -up am-utils-6.1.5/scripts/expn.in.kzak am-utils-6.1.5/scripts/expn.in
--- am-utils-6.1.5/scripts/expn.in.kzak 2008-05-29 12:43:19.000000000 +0200
+++ am-utils-6.1.5/scripts/expn.in 2008-05-29 12:44:20.000000000 +0200
@@ -9,6 +9,7 @@
# hardcoded constants, should work fine for BSD-based systems
#require 'sys/socket.ph'; # perl 4
use Socket; # perl 5
+use Fcntl
$AF_INET = &AF_INET;
$SOCK_STREAM = &SOCK_STREAM;
@@ -1009,7 +1010,7 @@ sub mxlookup
}
$0 = "$av0 - nslookup of $server";
- open(T,">/tmp/expn$$") || die "open > /tmp/expn$$: $!\n";
+ sysopen(T,"/tmp/expn$$", O_EXCL | O_CREAT) || die "open > /tmp/expn$$: $!\n";
print T "set querytype=MX\n";
print T "$server\n";
close(T);

10
am-utils.spec
View File

@ -1,7 +1,7 @@
Summary: Automount utilities including an updated version of Amd
Name: am-utils
Version: 6.1.5
Release: 9%{?dist}
Release: 10%{?dist}
License: BSD
Epoch: 5
Group: System Environment/Daemons
@ -44,6 +44,8 @@ Patch2: am-utils-6.1.5-nfs-version.patch
Patch3: am-utils-6.1.5-UTS_RELEASE.patch
# Build system bugfixes
Patch4: am-utils-6.1.5-buildsys.patch
# 435420 - CVE-2008-1078 am-utils: insecure usage of temporary files
Patch5: am-utils-6.1.5-expn-temp.patch
# We need to filter out some perl requirements for now.
%define _use_internal_dependency_generator 0
@ -66,7 +68,8 @@ mounting and unmounting filesystems.
%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch4 -p1 -b .kzak
%patch4 -p1
%patch5 -p1
find_requires=%{old_find_requires}
echo "$find_requires | grep -v lostaltmail.conf" > find-requires
@ -171,6 +174,9 @@ fi
%{_libdir}/libamu.so*
%changelog
* Thu May 29 2008 Karel Zak <kzak@redhat.com> 5:6.1.5-10
- fix #435420 - CVE-2008-1078 am-utils: insecure usage of temporary files
* Tue May 20 2008 Karel Zak <kzak@redhat.com> 5:6.1.5-9
- spec file cleanup according to rpmlint
- fix autotools stuff