62786 – [SECURITY] devel/libtool1[345]: symlink vulnerability

Bug 62786 - [SECURITY] devel/libtool1[345]: symlink vulnerability

Summary: [SECURITY] devel/libtool1[345]: symlink vulnerability

Status:	Closed FIXED

Alias:	None

Product:	Ports & Packages
Classification:	Unclassified
Component:	Individual Port(s) (show other bugs)
Version:	Latest
Hardware:	Any Any

Importance:	Normal Affects Only Me
Assignee:	Ade Lovett

URL:
Keywords:

Depends on:
Blocks:

Reported:	2004-02-13 14:20 UTC by Oliver Eikemeier
Modified:	2004-02-13 20:20 UTC (History)
CC List:	1 user (show)

See Also:

Attachments
file.diff (10.32 KB, patch) 2004-02-13 14:20 UTC, Oliver Eikemeier	no flags	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Oliver Eikemeier 2004-02-13 14:20:14 UTC

Stefan Nordhausen found a symlink vulnerability in libtool prior to version 1.5.2.
Libtool insecurely creates a temporary directory when a package using libtool is
being compiled.

- update libtool 1.3 to 1.3.5_2
- update libtool 1.4 to 1.4.3_3
- update libtool 1.5 to 1.5.2
- use SIZE and MASTER_SITE_GNU

Reference: <http://www.securityfocus.com/archive/1/352333>, fix from
           <http://www.securityfocus.com/archive/1/352519>

Comment 1 Oliver Eikemeier freebsd_committer

2004-02-13 14:20:57 UTC

Responsible Changed
From-To: freebsd-ports-bugs->ade

over to libtool maintainer

Comment 2 Ade Lovett freebsd_committer

2004-02-13 20:20:03 UTC

State Changed
From-To: open->closed

Patches/updates applied. 

Y'all beat me to this one by a couple hours :) 

Thanks.