Date: Fri, 28 Oct 2011 09:07:00 -0400 (EDT) From: Ramon de C Valle <rcvalle@...hat.com> To: Hanno Böck <hanno@...eck.de> Cc: oss-security@...ts.openwall.com Subject: Re: Request for CVE Identifier: bzexe insecure temporary file > Have you checked if this also affects gzexe? It is pretty much the > same > as bzexe, just using gzip instead of bzip2. (afaik, no xzexe exists) It seems this issue affects only executables compressed by bzexe. The self-uncompressing executable created by gzexe seems to make appropriate use of the /tmp directory uncompressing the executable file to a previously created subdirectory created with mkdir--all with appropriate permissions. -- Ramon de C Valle / Red Hat Security Response Team
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.