Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date: Mon, 10 Feb 2014 23:21:00 +0100
From: Jakub Wilk <jwilk@...ian.org>
To: oss-security@...ts.openwall.com
Subject: CVE requests: Pacemaker, Python Imaging Library, eyeD3, 9base, rc,
 Gamera, RPLY - insecure use of /tmp

I would like to request CVEs for a few temporary file vulnerabilities:

* Pacemaker:
https://bugs.debian.org/633964
This needs a CVE-2011-#### id.

* Python Imaging Library:
https://bugs.debian.org/737059
Note that we have two slightly different kinds of problems here:
1) in IptcImagePlugin.py and Image.py there's tempfile.mktemp() followed 
by open() in the same subprocess;
2) in JpegImagePlugin.py and EpsImagePlugin.py, temporary file name 
generated by tempfile.mktemp() is passed to an external process.
The latter kind is much easier to exploit, at least on some systems, 
because commandlines are not secret.

* eyeD3:
https://bugs.debian.org/737062

* Tom Duff's rc (part of 9base):
https://bugs.debian.org/737206

* Byron Rakitzis's rc:
https://bugs.debian.org/737125

* Gamera:
https://bugs.debian.org/737324

* RPLY (follow-up for CVE-2014-1604):
https://bugs.debian.org/737627

-- 
Jakub Wilk

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.