November 23, 2000

File vulnerability problem for elvis-tiny

Author: JT Smith

"Topi Miettinen audited elvis-tiny and raised an issue covering the use and creation of temporary files. Those files are created with a predictable pattern and O_EXCL flag is not used when opening. This makes users of elvis-tiny vulnerable to race conditions and/or data lossage. This problem has been fixed in version 1.4-10 and we recommend that you upgrade your elvis-tiny packages immediately." Full security advisory available at LWN.net.

Category:

  • Linux
Click Here!