From:	 Eridani Star System <linux@eridani.co.uk>
To:	 eridani-announce@eridani.co.uk
Subject: [Eridani-Announce] ERISA-2002:014 - sharutils
Date:	 Thu, 16 May 2002 23:24:44 +0100 (BST)

=========================================================================
		ERIDANI LINUX - SECURITY ANNOUNCEMENT
=========================================================================

Package:	sharutils
Summary:	uudecode does not check its output file.
Date:		2002-05-16
ID:		ERISA-2002:014

=========================================================================

Problem description:

  uudecode would blindly create its output file, without checking whether
  it was a pipe or a symbolic link.  A local user could use uudecode to
  place data in a shared directory such as /tmp, and through this the
  attacker could overwrite files or gain extra privileges.
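
Added example, not part of the original advisory and not the sharutils fix: one way a decoder could open its output file so that a symbolic link or pipe planted in a shared directory is refused. The helper name open_output_safely, the scratch directory and the file names in it are assumptions constructed for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper (not sharutils code): open a decoder's output file
 * without following a planted symlink or writing into a planted FIFO. */
int open_output_safely(const char *path, mode_t mode)
{
    struct stat st;
    /* Existing name: refuse symlinks (O_NOFOLLOW), never block on a FIFO. */
    int fd = open(path, O_WRONLY | O_NOFOLLOW | O_NONBLOCK);
    if (fd < 0 && errno == ENOENT)  /* new name: O_EXCL refuses late plants */
        return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, mode);
    if (fd < 0)
        return -1;
    /* Judge the object actually opened, not the name it was reached by. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || ftruncate(fd, 0) != 0) {
        close(fd);
        errno = EPERM;
        return -1;
    }
    return fd;
}

/* Constructed scenario in a private scratch directory: a victim file, a
 * symlink aimed at it, and a FIFO. Returns 0 when every case behaves. */
int demo(void)
{
    char dir[] = "/tmp/uudemoXXXXXX";
    struct stat st;
    if (!mkdtemp(dir) || chdir(dir) != 0 || symlink("victim", "link") != 0
        || mkfifo("fifo", 0600) != 0)
        return -1;
    int fd = open("victim", O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0 || write(fd, "keep", 4) != 4 || close(fd) != 0)
        return -1;
    int bad = open_output_safely("link", 0600) >= 0;      /* symlink refused */
    bad |= open_output_safely("fifo", 0600) >= 0;          /* FIFO refused */
    bad |= stat("victim", &st) != 0 || st.st_size != 4;    /* target intact */
    fd = open_output_safely("new", 0600);                  /* fresh name ok */
    bad |= fd < 0;
    if (fd >= 0) close(fd);
    unlink("victim"); unlink("link"); unlink("fifo"); unlink("new");
    return (chdir("/") != 0 || rmdir(dir) != 0) ? -1 : bad;
}
int main(void) { return demo(); }
```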

-------------------------------------------------------------------------
Updated packages:

  25907291a66c65863cc35809c9910151  sharutils-4.2.1-3.src.rpm
  87cb6269e5aa0f70a3776cfe6898cdcb  sharutils-4.2.1-3.i386.rpm

-------------------------------------------------------------------------
References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0178

=========================================================================

Packages available from ftp://ftp.eridani.co.uk/pub/Aeryn/
or by HTTP from http://ftp.eridani.co.uk/

Packages are signed with our GNU GPG key, also on our FTP site.

Users of releases of Eridani Linux prior to 6.3 are advised to download   
the source RPM and rebuild for their system.

Copyright (C)2002 Eridani Star System

-- Michael "Soruk" McConnell                       http://www.eridani.co.uk
Eridani Linux  --  The Most Up-to-Date Red Hat-based Linux CDROMs Available
Email: linux@eridani.co.uk -- Also Debian, Slackware, Mandrake and more...
