-----BEGIN PGP SIGNED MESSAGE-----

===========================================================================
             AUSCERT External Security Bulletin Redistribution

            ESB-2002.487 -- Debian Security Advisory DSA 160-1
      New scrollkeeper packages fix insecure temporary file creation
                             04 September 2002

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:                ScrollKeeper
Vendor:                 Debian
Operating System:       Debian GNU/Linux 3.0 alias woody
                        Linux
Impact:                 Overwrite Arbitrary Files
                        Create Arbitrary Files
Access Required:        Existing Account

Ref:                    ESB-2002.485

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - --------------------------------------------------------------------------
Debian Security Advisory DSA 160-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
September 3rd, 2002                     http://www.debian.org/security/faq
- - --------------------------------------------------------------------------

Package        : scrollkeeper
Vulnerability  : insecure temporary file creation
Problem-Type   : local
Debian-specific: no
CVE Id         : CAN-2002-0662

Spybreak discovered a problem in scrollkeeper, a free electronic
cataloging system for documentation.  The scrollkeeper-get-cl program
creates temporary files in an insecure manner in /tmp using guessable
filenames.  Since scrollkeeper is called automatically when a user
logs into a Gnome session, an attacker with local access can easily
create and overwrite files as another user.

This problem has been fixed in version 0.3.6-3.1 for the current
stable distribution (woody) and in version 0.3.11-2 for the unstable
distribution (sid).  The old stable distribution (potato) is not
affected, since it doesn't contain the scrollkeeper package.

We recommend that you upgrade your scrollkeeper packages immediately.

wget url
	will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- - --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/s/scrollkeeper/scrollkeeper_0.3.6-3.1.dsc
      Size/MD5 checksum:      761 f0ab585dd23c31804f94c9a97c4c3d8d
    http://security.debian.org/pool/updates/main/s/scrollkeeper/scrollkeeper_0.3.6-3.1.diff.gz
      Size/MD5 checksum:    72068 889445a036c7b618e87a7e23aca5f641
    http://security.debian.org/pool/updates/main/s/scrollkeeper/scrollkeeper_0.3.6.orig.tar.gz
      Size/MD5 checksum:   405812 6500ce56d6926443fc8c15f37c79aa0a

  Alpha architecture:

    http://security.debian.org/pool/updates/main/s/scrollkeeper/libscrollkeeper-dev_0.3.6-3.1_alpha.deb
      Size/MD5 checksum:    18446 471e49dab7c97860af932c3a09639c04
    http://security.debian.org/pool/updates/main/s/scrollkeeper/libscrollkeeper0_0.3.6-3.1_alpha.deb
      Size/MD5 checksum:    88266 e6e04bcd74a54a7196113d791205029a
    http://security.debian.org/pool/updates/main/s/scrollkeeper/scrollkeeper_0.3.6-3.1_alpha.deb
      Size/MD5 checksum:    82398 033f27b836ffaf8f08f36177f8253651

  ARM architecture:

    http://security.debian.org/pool/updates/main/s/scrollkeeper/libscrollkeeper-dev_0.3.6-3.1_arm.deb
      Size/MD5 checksum:    13412 6425afd69256a6333748d30d346e3482
    http://security.debian.org/pool/updates/main/s/scrollkeeper/libscrollkeeper0_0.3.6-3.1_arm.deb
      Size/MD5 checksum:    86326 e50819ee737f344459e6ec6b9ddbf5d6
    http://security.debian.org/pool/updates/main/s/scrollkeeper/scrollkeeper_0.3.6-3.1_arm.deb
      Size/MD5 checksum:    78352 bde15d75ee4ff34314c897ab61e2c55b

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/s/scrollkeeper/libscrollkeeper-dev_0.3.6-3.1_i386.deb
      Size/MD5 checksum:    12282 69e797d0c3e5e87bf59411f3b9416062
    http://security.debian.org/pool/updates/main/s/scrollkeeper/libscrollkeeper0_0.3.6-3.1_i386.deb
      Size/MD5 checksum:    85814 c2124cd6d3528ec36d05c7bfe1a99a07
    http://security.debian.org/pool/updates/main/s/scrollkeeper/scrollkeeper_0.3.6-3.1_i386.deb
      Size/MD5 checksum:    78818 a7e536042ebad89ed21fb27dcf41fc8f

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/s/scrollkeeper/libscrollkeeper-dev_0.3.6-3.1_ia64.deb
      Size/MD5 checksum:    18888 13604ae70ee15f87d708806c5de55e2a
    http://security.debian.org/pool/updates/main/s/scrollkeeper/libscrollkeeper0_0.3.6-3.1_ia64.deb
      Size/MD5 checksum:    93456 d9b42065cfcdd6b8b284b18505b06f07
    http://security.debian.org/pool/updates/main/s/scrollkeeper/scrollkeeper_0.3.6-3.1_ia64.deb
      Size/MD5 checksum:    84730 54d3894395f4298f247cec050c18ac5e

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/s/scrollkeeper/libscrollkeeper-dev_0.3.6-3.1_hppa.deb
      Size/MD5 checksum:    17086 deadc423ce2455865656a3ea33914425
    http://security.debian.org/pool/updates/main/s/scrollkeeper/libscrollkeeper0_0.3.6-3.1_hppa.deb
      Size/MD5 checksum:    88734 61ebf5f9dcffd70b15600f811a19c0b4
    http://security.debian.org/pool/updates/main/s/scrollkeeper/scrollkeeper_0.3.6-3.1_hppa.deb
      Size/MD5 checksum:    80562 00a782bf063d4427e38d72de655985e1

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/s/scrollkeeper/libscrollkeeper-dev_0.3.6-3.1_m68k.deb
      Size/MD5 checksum:    12066 dc7607140883648fdd3b425301cf9163
    http://security.debian.org/pool/updates/main/s/scrollkeeper/libscrollkeeper0_0.3.6-3.1_m68k.deb
      Size/MD5 checksum:    85998 d93a48006aa2ed9b44927d6641802182
    http://security.debian.org/pool/updates/main/s/scrollkeeper/scrollkeeper_0.3.6-3.1_m68k.deb
      Size/MD5 checksum:    78362 2af3cf86241f588f94a4cde333ecf2f4

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/s/scrollkeeper/libscrollkeeper-dev_0.3.6-3.1_mips.deb
      Size/MD5 checksum:    15956 cc2e36432ec953056d108c8579193758
    http://security.debian.org/pool/updates/main/s/scrollkeeper/libscrollkeeper0_0.3.6-3.1_mips.deb
      Size/MD5 checksum:    86102 09d6dd555e2a25ed352e7744e2eff1c9
    http://security.debian.org/pool/updates/main/s/scrollkeeper/scrollkeeper_0.3.6-3.1_mips.deb
      Size/MD5 checksum:    79290 14e96a71b680fcc5ce5444152fb6359d

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/s/scrollkeeper/libscrollkeeper-dev_0.3.6-3.1_mipsel.deb
      Size/MD5 checksum:    16008 c9ef5a7a29cfd246f87890333bad1e07
    http://security.debian.org/pool/updates/main/s/scrollkeeper/libscrollkeeper0_0.3.6-3.1_mipsel.deb
      Size/MD5 checksum:    85978 7b35ce0248eaf5b8ba49a321cf110f24
    http://security.debian.org/pool/updates/main/s/scrollkeeper/scrollkeeper_0.3.6-3.1_mipsel.deb
      Size/MD5 checksum:    79144 9f1516c111cda395d16e90c9483cdda9

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/s/scrollkeeper/libscrollkeeper-dev_0.3.6-3.1_powerpc.deb
      Size/MD5 checksum:    15294 b3333f4be631fe8a97682e5223e07f18
    http://security.debian.org/pool/updates/main/s/scrollkeeper/libscrollkeeper0_0.3.6-3.1_powerpc.deb
      Size/MD5 checksum:    87168 971f19bc3c3794ef79a81da9ba4ef38d
    http://security.debian.org/pool/updates/main/s/scrollkeeper/scrollkeeper_0.3.6-3.1_powerpc.deb
      Size/MD5 checksum:    79056 b9832303c7bdcf69cefc9d34a6fe1fb9

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/s/scrollkeeper/libscrollkeeper-dev_0.3.6-3.1_s390.deb
      Size/MD5 checksum:    12718 4f1be77aab7f2e5cc0931e7bdfc812c3
    http://security.debian.org/pool/updates/main/s/scrollkeeper/libscrollkeeper0_0.3.6-3.1_s390.deb
      Size/MD5 checksum:    86248 a2a24819fe422346952b9798b40a110e
    http://security.debian.org/pool/updates/main/s/scrollkeeper/scrollkeeper_0.3.6-3.1_s390.deb
      Size/MD5 checksum:    79796 cb948cba0731dfb6906c12b6f7e98a80

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/s/scrollkeeper/libscrollkeeper-dev_0.3.6-3.1_sparc.deb
      Size/MD5 checksum:    13238 58b8da744d314f15b3f2291d8e528baa
    http://security.debian.org/pool/updates/main/s/scrollkeeper/libscrollkeeper0_0.3.6-3.1_sparc.deb
      Size/MD5 checksum:    86094 b0096bef6320d2a8dc4090d6e40cb523
    http://security.debian.org/pool/updates/main/s/scrollkeeper/scrollkeeper_0.3.6-3.1_sparc.deb
      Size/MD5 checksum:    82830 47b6895582d7be37526fd17a3816469a


  These files will probably be moved into the stable distribution on
  its next revision.

- - ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE9dLWoW5ql+IAeqTIRAt2KAJ0YSCGZGOl+rbDW37GkMQlYdTEeTQCdENpz
NrSSJDkPBQ0jL6cuW/d+MbY=
=9GpS
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content.  The decision to use any or all of this information is
the responsibility of each user or organisation, and should be done so in
accordance with site policies and procedures.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the original authors to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/Information/advisories.html

If you believe that your system has been compromised, contact AusCERT or
your representative in FIRST (Forum of Incident Response and Security
Teams).

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business 
                hours which are GMT+10:00 (AEST).  On call after hours 
                for member emergencies only.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv
Comment: ftp://ftp.auscert.org.au/pub/auscert/AUSCERT_PGP.key

iQCVAwUBPXYeCSh9+71yA2DNAQG/jQP/X1Gl1y5g2NaJJOHIzkyIRG3E2Q+CcsFS
HFM4hjbqLBqtWmZboenw70QFewtsgTvgcJTvujZ0TxL74DUL1ziwh9K9v08I5mDg
epgeBocBze8IeUX5satdsbB3UuY1kBYz8fN44NTGuuoqxPbDEIegB5qlJmAIaYfd
DNcj1+etF68=
=6R1N
-----END PGP SIGNATURE-----