COMMAND

    apcd

SYSTEMS AFFECTED

    Debian Linux 2.1

PROBLEM

    The following is based on a Debian Security Advisory. The apcd
    package as shipped in Debian GNU/Linux 2.1 is vulnerable to a
    symlink attack. If the apcd process receives a SIGUSR1 signal, it
    dumps its status to /tmp/upsstat. However, this file is not opened
    safely, which makes it a good target for a symlink attack.
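
    The difference between an unsafe and a safe open of such a status
    file, as an added example (not code from the advisory or from apcd;
    all function names are hypothetical, and the demo uses a private
    temporary directory in place of /tmp/upsstat):

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Unsafe pattern: fopen("w") follows a symlink at path and truncates its target. */
static int dump_unsafe(const char *path, const char *status) {
    FILE *f = fopen(path, "w");
    if (!f) return -1;
    fputs(status, f);
    return fclose(f) == 0 ? 0 : -1;
}

/* Hardened: drop any stale entry, then create the file exclusively.
 * unlink() removes a symlink itself, never its target; O_CREAT|O_EXCL
 * fails with EEXIST if anything (a symlink included) reappears at path. */
static int dump_safe(const char *path, const char *status) {
    if (unlink(path) < 0 && errno != ENOENT) return -1;
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0644);
    if (fd < 0) return -1;
    ssize_t n = write(fd, status, strlen(status));
    if (close(fd) < 0 || n != (ssize_t)strlen(status)) return -1;
    return 0;
}

/* Constructed scenario: the status path already exists as a symlink to another
 * file. Returns 1 if that file survives the dump, 0 if overwritten, -1 on error. */
static int target_survives(int (*dump)(const char *, const char *)) {
    char dir[] = "upsdemoXXXXXX", victim[64], stat_path[64], buf[32] = "";
    if (!mkdtemp(dir)) return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(stat_path, sizeof stat_path, "%s/upsstat", dir);
    FILE *f = fopen(victim, "w");
    if (!f) return -1;
    fputs("important", f); fclose(f);
    if (symlink("victim", stat_path) < 0) return -1;  /* relative to dir */
    dump(stat_path, "UPS status: on line\n");         /* constructed status text */
    f = fopen(victim, "r");
    if (f) { fgets(buf, sizeof buf, f); fclose(f); }
    unlink(stat_path); unlink(victim); rmdir(dir);
    return strcmp(buf, "important") == 0;
}

int main(void) {
    printf("unsafe: target intact = %d\n", target_survives(dump_unsafe));
    printf("safe:   target intact = %d\n", target_survives(dump_safe));
    return 0;
}
```

    A daemon can avoid the problem entirely by writing its status file
    to a directory that only its own user can write to, instead of a
    world-writable one.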

SOLUTION

    This has been fixed in version 0.6a.nr-4slink1:

    - Source archives:
        http://security.debian.org/dists/stable/updates/source/apcd_0.6a.nr-4slink1.diff.gz
        http://security.debian.org/dists/stable/updates/source/apcd_0.6a.nr-4slink1.dsc
        http://security.debian.org/dists/stable/updates/source/apcd_0.6a.nr.orig.tar.gz

    - Alpha architecture:
        http://security.debian.org/dists/stable/updates/binary-alpha/apcd_0.6a.nr-4slink1_alpha.deb

    - Intel ia32 architecture:
        http://security.debian.org/dists/stable/updates/binary-i386/apcd_0.6a.nr-4slink1_i386.deb

    - Motorola 680x0 architecture:
        http://security.debian.org/dists/stable/updates/binary-m68k/apcd_0.6a.nr-4slink1_m68k.deb

    - Sun Sparc architecture:
        http://security.debian.org/dists/stable/updates/binary-sparc/apcd_0.6a.nr-4slink1_sparc.deb