Gentoo Security Advisory GLSA 200506-08 (GNU Shtool) Network Vulnerability

Summary

The remote host is missing updates announced in advisory GLSA 200506-08.

Solution

All GNU shtool users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=dev-util/shtool-2.0.1-r2' All ocaml-mysql users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=dev-ml/ocaml-mysql-1.0.3-r1' http://www.securityspace.com/smysecure/catid.html?in=GLSA%20200506-08 http://bugs.gentoo.org/show_bug.cgi?id=93782 http://bugs.gentoo.org/show_bug.cgi?id=93784

Insight

GNU shtool and ocaml-mysql are vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files.

Severity

Classification

CVE CVE-2005-1751, CVE-2005-1759

CVSS	Base Score: 3.7 AV:L/AC:H/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Gentoo Security Advisory GLSA 200712-11 (portage)
Gentoo Security Advisory GLSA 200804-11 (policyd-weight)
Gentoo Security Advisory GLSA 201208-05 (Config-IniFiles)
Gentoo Security Advisory GLSA 200407-20 (subversion)
Gentoo Security Advisory GLSA 200410-16 (PostgreSQL)

Gentoo Security Advisory GLSA 200506-08 (GNU shtool)

Take action and discover your vulnerabilities