lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <401F8445.3090807@informatik.hu-berlin.de>
Date: Tue, 03 Feb 2004 12:21:41 +0100
From: Stefan Nordhausen <deletethis.nordhaus@...ormatik.hu-berlin.de>
To: bugtraq@...urityfocus.com
Subject: Re: Symlink Vulnerability in GNU libtool <1.5.2


I wrote:
> If you want to stick with your old version of libtool
> you can easily fix this bug yourself. In "ltmain.in" 
> [...] you should replace the line:
	
This fix will not work for the version of libtool that is distributed
with SuSE Linux (checked on SuSE 8.2/9.0). SuSE modified the tempdir
creation to use mktemp if available. As a result the patch mentioned
above would break SuSE's libtool, so don't use it for your SuSE Linux!

Unfortunately, the changes made by SuSE don't fix the vulnerability
(they just make it a bit harder to exploit) so that it is still
necessary to apply a bugfix.

Regards
Stefan

-- 
Don't open your eyes, you won't like what you see. The devils of truth 
steal the souls of the free. Don't open your eyes, take it from me. I 
have found, you can find happiness in slavery.
    Trent Reznor




Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ