COMMAND
elvis
SYSTEMS AFFECTED
Linux
PROBLEM
Topi Miettinen audited elvis-tiny and raised an issue covering
the use and creation of temporary files. Those files are created
with a predictable name pattern and the O_EXCL flag is not used
when opening them. This makes users of elvis-tiny vulnerable to
race conditions and/or data loss.
This problem does not exist in the big elvis package.
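The difference the O_EXCL flag makes, as an added example (not code from elvis-tiny or from any vendor patch). The directory, the file names and the helper names open_tmp_unsafe, open_tmp_excl and run_case are assumptions made for the demonstration, which stages everything inside its own mkdtemp() directory.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Pattern from the advisory: predictable name, no O_EXCL. Whatever already
 * sits at `path` (file or symlink) is opened and truncated. */
static int open_tmp_unsafe(const char *path) {
    return open(path, O_RDWR | O_CREAT | O_TRUNC, 0600);
}

/* Hardened: O_CREAT|O_EXCL creates atomically and fails with EEXIST if any
 * entry, a symlink included, already has that name. */
static int open_tmp_excl(const char *path) {
    return open(path, O_RDWR | O_CREAT | O_EXCL, 0600);
}

/* Stage a 10-byte file and a symlink to it at a predictable temp name, all
 * inside a private mkdtemp() directory, then run one opener on that name.
 * Returns the staged file's size afterwards; *err gets the opener's errno. */
static long run_case(int use_excl, int *err) {
    char dir[] = "/tmp/tmpdemoXXXXXX", data[64], tmp[64];
    struct stat st;
    if (!mkdtemp(dir)) return -1;
    snprintf(data, sizeof data, "%s/notes.txt", dir);
    snprintf(tmp, sizeof tmp, "%s/elv_1234", dir);   /* constructed name */
    FILE *f = fopen(data, "w");
    if (!f) return -1;
    fputs("important\n", f);
    fclose(f);
    if (symlink(data, tmp) != 0) return -1;

    int fd = use_excl ? open_tmp_excl(tmp) : open_tmp_unsafe(tmp);
    *err = fd < 0 ? errno : 0;
    if (fd >= 0) close(fd);

    long size = stat(data, &st) == 0 ? (long)st.st_size : -1;
    unlink(tmp); unlink(data); rmdir(dir);
    return size;
}

int main(void) {
    int e;
    printf("no O_EXCL: %ld bytes left\n", run_case(0, &e));
    printf("O_EXCL:    %ld bytes left\n", run_case(1, &e));
    return 0;
}
```

mkstemp() addresses both halves of the problem at once: it picks an unpredictable name and opens it with O_EXCL.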
SOLUTION
For Debian:
http://security.debian.org/dists/potato/updates/main/source/elvis-tiny_1.4-10.diff.gz
http://security.debian.org/dists/potato/updates/main/source/elvis-tiny_1.4-10.dsc
http://security.debian.org/dists/potato/updates/main/source/elvis-tiny_1.4.orig.tar.gz
http://security.debian.org/dists/potato/updates/main/binary-alpha/elvis-tiny_1.4-10_alpha.deb
http://security.debian.org/dists/potato/updates/main/binary-arm/elvis-tiny_1.4-10_arm.deb
http://security.debian.org/dists/potato/updates/main/binary-i386/elvis-tiny_1.4-10_i386.deb
http://security.debian.org/dists/potato/updates/main/binary-m68k/elvis-tiny_1.4-10_m68k.deb
http://security.debian.org/dists/potato/updates/main/binary-powerpc/elvis-tiny_1.4-10_powerpc.deb
http://security.debian.org/dists/potato/updates/main/binary-sparc/elvis-tiny_1.4-10_sparc.deb
http://security.debian.org/dists/stable/updates/main/source/ed_0.2-18.1.diff.gz
http://security.debian.org/dists/stable/updates/main/source/ed_0.2-18.1.dsc
http://security.debian.org/dists/stable/updates/main/source/ed_0.2.orig.tar.gz
http://security.debian.org/dists/stable/updates/main/binary-alpha/ed_0.2-18.1_alpha.deb
http://security.debian.org/dists/stable/updates/main/binary-arm/ed_0.2-18.1_arm.deb
http://security.debian.org/dists/stable/updates/main/binary-i386/ed_0.2-18.1_i386.deb
http://security.debian.org/dists/stable/updates/main/binary-m68k/ed_0.2-18.1_m68k.deb
http://security.debian.org/dists/stable/updates/main/binary-powerpc/ed_0.2-18.1_powerpc.deb
http://security.debian.org/dists/stable/updates/main/binary-sparc/ed_0.2-18.1_sparc.deb
For Immunix OS:
http://www.immunix.org/ImmunixOS/6.2/updates/RPMS/ed-0.2-19.6x_StackGuard.i386.rpm
http://www.immunix.org/ImmunixOS/6.2/updates/SRPMS/ed-0.2-19.6x_StackGuard.src.rpm
http://www.immunix.org/ImmunixOS/7.0-beta/updates/RPMS/ed-0.2-19_StackGuard.i386.rpm
http://www.immunix.org/ImmunixOS/7.0-beta/updates/SRPMS/ed-0.2-19_StackGuard.src.rpm
For Linux-Mandrake:
Linux-Mandrake 6.0: 6.0/RPMS/ed-0.2-15.1mdk.i586.rpm
6.0/SRPMS/ed-0.2-15.1mdk.src.rpm
Linux-Mandrake 6.1: 6.1/RPMS/ed-0.2-15.1mdk.i586.rpm
6.1/SRPMS/ed-0.2-15.1mdk.src.rpm
Linux-Mandrake 7.0: 7.0/RPMS/ed-0.2-15.1mdk.i586.rpm
7.0/SRPMS/ed-0.2-15.1mdk.src.rpm
Linux-Mandrake 7.1: 7.1/RPMS/ed-0.2-17.1mdk.i586.rpm
7.1/SRPMS/ed-0.2-17.1mdk.src.rpm
Linux-Mandrake 7.2: 7.2/RPMS/ed-0.2-21.1mdk.i586.rpm
7.2/SRPMS/ed-0.2-21.1mdk.src.rpm
For Red Hat:
ftp://updates.redhat.com/5.2/alpha/ed-0.2-19.5x.alpha.rpm
ftp://updates.redhat.com/5.2/sparc/ed-0.2-19.5x.sparc.rpm
ftp://updates.redhat.com/5.2/i386/ed-0.2-19.5x.i386.rpm
ftp://updates.redhat.com/5.2/SRPMS/ed-0.2-19.5x.src.rpm
ftp://updates.redhat.com/6.0/sparc/ed-0.2-19.6x.sparc.rpm
ftp://updates.redhat.com/6.0/i386/ed-0.2-19.6x.i386.rpm
ftp://updates.redhat.com/6.0/alpha/ed-0.2-19.6x.alpha.rpm
ftp://updates.redhat.com/6.0/SRPMS/ed-0.2-19.6x.src.rpm
ftp://updates.redhat.com/6.1/alpha/ed-0.2-19.6x.alpha.rpm
ftp://updates.redhat.com/6.1/sparc/ed-0.2-19.6x.sparc.rpm
ftp://updates.redhat.com/6.1/i386/ed-0.2-19.6x.i386.rpm
ftp://updates.redhat.com/6.1/SRPMS/ed-0.2-19.6x.src.rpm
ftp://updates.redhat.com/6.2/alpha/ed-0.2-19.6x.alpha.rpm
ftp://updates.redhat.com/6.2/sparc/ed-0.2-19.6x.sparc.rpm
ftp://updates.redhat.com/6.2/i386/ed-0.2-19.6x.i386.rpm
ftp://updates.redhat.com/6.2/SRPMS/ed-0.2-19.6x.src.rpm
ftp://updates.redhat.com/7.0/alpha/ed-0.2-19.alpha.rpm
ftp://updates.redhat.com/7.0/i386/ed-0.2-19.i386.rpm
ftp://updates.redhat.com/7.0/SRPMS/ed-0.2-19.src.rpm
For Conectiva Linux:
ftp://atualizacoes.conectiva.com.br/4.0/SRPMS/ed-0.2-17cl.src.rpm
ftp://atualizacoes.conectiva.com.br/4.0/i386/ed-0.2-17cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.0es/SRPMS/ed-0.2-17cl.src.rpm
ftp://atualizacoes.conectiva.com.br/4.0es/i386/ed-0.2-17cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.1/SRPMS/ed-0.2-17cl.src.rpm
ftp://atualizacoes.conectiva.com.br/4.1/i386/ed-0.2-17cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.2/SRPMS/ed-0.2-17cl.src.rpm
ftp://atualizacoes.conectiva.com.br/4.2/i386/ed-0.2-17cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.0/SRPMS/ed-0.2-17cl.src.rpm
ftp://atualizacoes.conectiva.com.br/5.0/i386/ed-0.2-17cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.1/SRPMS/ed-0.2-17cl.src.rpm
ftp://atualizacoes.conectiva.com.br/5.1/i386/ed-0.2-17cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/SRPMS/ed-0.2-17cl.src.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/ed-0.2-17cl.i386.rpm
For Trustix Linux:
For version 1.2: ed-0.2-17tr.i586.rpm
ed-0.2-17tr.src.rpm
For version 1.1 and 1.0:
ed-0.2-17tr.i586.rpm
ed-0.2-17tr.src.rpm
Get these updates at:
ftp://ftp.trustix.net/pub/Trustix/updates/
http://www.trustix.net/pub/Trustix/updates/
Users of 1.0x and 1.1 should go to the 1.1 directory, while users
of 1.2 should use the packages available in the 1.2 directory.