oss-sec mailing list archives
LinuxMint - temp file creation vulns in mintNanny and mintUpdate
From: Kurt Seifried <kseifried () redhat com>
Date: Mon, 19 Mar 2012 13:34:28 -0600
mscherer () redhat com reported these to me: Two issues in LinuxMint: First a temporary file creation flaw in mintNanny: https://github.com/linuxmint/mintnanny/blob/master/usr/lib/linuxmint/mintNanny/mintNanny.py#L70
Please use CVE-2012-1566 for this issue
Secondly a temporary file creation flaw in mintUpdate: https://github.com/linuxmint/mintupdate/blob/master/usr/lib/linuxmint/mintUpdate/mintUpdate.py#L1444
Please use CVE-2012-1567 for this issue. Also a note on fixing these issues: Python Simply use “mkstemp” from the “tempfile” module: http://docs.python.org/library/tempfile.html#tempfile.mkstemp I tried to find a LinuxMint security contact, nothing on the website (e.g. http://www.linuxmint.com/teams.php), someone suggested root () linuxmint com, here's hoping they see it. -- Kurt Seifried Red Hat Security Response Team (SRT)
Current thread:
- LinuxMint - temp file creation vulns in mintNanny and mintUpdate Kurt Seifried (Mar 19)