COMMAND

    cfengine

SYSTEMS AFFECTED

    Debian Linux

PROBLEM

    Wichert Akkerman posted the following. The maintainer of the Debian
    GNU/Linux cfengine package found an error in the way cfengine
    handles temporary files when it runs the tidy action on home
    directories, which makes it susceptible to a symlink attack.

SOLUTION

    The author has been notified of the problem. Debian recommends
    you upgrade your cfengine package immediately ('wget url' will
    fetch the file for you and 'dpkg -i file.deb' will install the
    referenced file).

        ftp://ftp.debian.org/debian/dists/stable/main/source/admin/cfengine_1.4.9.orig.tar.gz
        ftp://ftp.debian.org/debian/dists/stable/main/source/admin/cfengine_1.4.9-3.diff.gz
        ftp://ftp.debian.org/debian/dists/stable/main/source/admin/cfengine_1.4.9-3.dsc

        ftp://ftp.debian.org/debian/dists/stable/main/binary-i386/admin/cfengine_1.4.9-3_i386.deb

        ftp://ftp.debian.org/debian/dists/stable/main/binary-i386/admin/cfengine_1.4.9-3_m68k.deb

    Also, Debian GNU/Linux 2.0r5 fixed this (cfengine_1.4.9-3.deb).